diff --git a/CHANGELOG_PENDING.md b/CHANGELOG_PENDING.md index d259ec2bd..788f8b313 100644 --- a/CHANGELOG_PENDING.md +++ b/CHANGELOG_PENDING.md @@ -16,6 +16,7 @@ - Blockchain Protocol - [consensus] [\#101](https://github.com/line/tendermint/pull/101) Introduce composite key to delegate features to each function key +- [consensus] [\#117](https://github.com/line/tendermint/pull/117) BLS Signature Aggregation and Verification ### FEATURES: - [init command] [\#125](https://github.com/line/tendermint/pull/125) Add an option selecting private key type to init, testnet commands diff --git a/blockchain/v1/reactor_test.go b/blockchain/v1/reactor_test.go index 041409a03..6b7837f9d 100644 --- a/blockchain/v1/reactor_test.go +++ b/blockchain/v1/reactor_test.go @@ -229,9 +229,9 @@ func TestFastSyncNoBlockResponse(t *testing.T) { for _, tt := range tests { block := reactorPairs[1].bcR.store.LoadBlock(tt.height) if tt.existent { - assert.True(t, block != nil) + assert.True(t, block != nil, "height=%d, existent=%t", tt.height, tt.existent) } else { - assert.True(t, block == nil) + assert.True(t, block == nil, "height=%d, existent=%t", tt.height, tt.existent) } } } diff --git a/config/config.go b/config/config.go index 933127aa1..693b61f2b 100644 --- a/config/config.go +++ b/config/config.go @@ -8,6 +8,7 @@ import ( "time" "github.com/pkg/errors" + "github.com/tendermint/tendermint/privval" ) diff --git a/consensus/byzantine_test.go b/consensus/byzantine_test.go index c9fca5bf4..bcf9fe6b0 100644 --- a/consensus/byzantine_test.go +++ b/consensus/byzantine_test.go @@ -8,6 +8,7 @@ import ( "time" "github.com/stretchr/testify/require" + config2 "github.com/tendermint/tendermint/config" "github.com/tendermint/tendermint/libs/service" diff --git a/consensus/invalid_test.go b/consensus/invalid_test.go index 1ae0a69ec..7bfe710db 100644 --- a/consensus/invalid_test.go +++ b/consensus/invalid_test.go @@ -81,7 +81,9 @@ func invalidDoPrevoteFunc(t *testing.T, height int64, round int, cs *State, sw * Hash: blockHash, PartsHeader: types.PartSetHeader{Total: 1, Hash: tmrand.Bytes(32)}}, } - cs.privValidator.SignVote(cs.state.ChainID, precommit) + if err = cs.privValidator.SignVote(cs.state.ChainID, precommit); err != nil { + panic(err) + } cs.privValidator = nil // disable priv val so we don't do normal votes cs.mtx.Unlock() diff --git a/consensus/reactor.go b/consensus/reactor.go index 9a6131427..f6f85f50f 100644 --- a/consensus/reactor.go +++ b/consensus/reactor.go @@ -652,9 +652,11 @@ OUTER_LOOP: // Catchup logic // If peer is lagging by more than 1, send Commit. if prs.Height != 0 && rs.Height >= prs.Height+2 { - // Load the block commit for prs.Height, + // Load the seen commit for prs.Height, // which contains precommit signatures for prs.Height. - commit := conR.conS.blockStore.LoadBlockCommit(prs.Height) + // Originally the block commit was used, but with the addition of the BLS signature-aggregation, + // we use seen commit instead of the block commit because block commit has no individual signature. + commit := conR.conS.blockStore.LoadSeenCommit(prs.Height) if ps.PickSendVote(commit) { logger.Debug("Picked Catchup commit to send", "height", prs.Height) continue OUTER_LOOP diff --git a/consensus/state.go b/consensus/state.go index f7ac2c6c0..23103c6b2 100644 --- a/consensus/state.go +++ b/consensus/state.go @@ -9,6 +9,7 @@ import ( "time" "github.com/pkg/errors" + "github.com/tendermint/tendermint/libs/fail" "github.com/tendermint/tendermint/libs/log" tmos "github.com/tendermint/tendermint/libs/os" @@ -1086,6 +1087,7 @@ func (cs *State) createProposalBlock(round int) (block *types.Block, blockParts case cs.LastCommit.HasTwoThirdsMajority(): // Make the commit from LastCommit commit = cs.LastCommit.MakeCommit() + commit.AggregateSignatures() default: // This shouldn't happen. cs.Logger.Error("enterPropose: Cannot propose anything: No commit for the previous block") return diff --git a/crypto/bls/bls.go b/crypto/bls/bls.go index 4744ef947..c3a788d0f 100644 --- a/crypto/bls/bls.go +++ b/crypto/bls/bls.go @@ -2,6 +2,7 @@ package bls import ( "bytes" + "crypto/sha512" "crypto/subtle" "fmt" @@ -46,6 +47,71 @@ func init() { // PrivKeyBLS12 implements crypto.PrivKey. type PrivKeyBLS12 [PrivKeyBLS12Size]byte +// AddSignature adds a BLS signature to the init. When the init is nil, then a new aggregate signature is built +// from specified signature. +func AddSignature(init []byte, signature []byte) (aggrSign []byte, err error) { + if init == nil { + blsSign := bls.Sign{} + init = blsSign.Serialize() + } else if len(init) != SignatureSize { + err = fmt.Errorf("invalid BLS signature: aggregated signature size %d is not valid size %d", + len(init), SignatureSize) + return + } + if len(signature) != SignatureSize { + err = fmt.Errorf("invalid BLS signature: signature size %d is not valid size %d", + len(signature), SignatureSize) + return + } + blsSign := bls.Sign{} + err = blsSign.Deserialize(signature) + if err != nil { + return + } + aggrBLSSign := bls.Sign{} + err = aggrBLSSign.Deserialize(init) + if err != nil { + return + } + aggrBLSSign.Add(&blsSign) + aggrSign = aggrBLSSign.Serialize() + return +} + +func VerifyAggregatedSignature(aggregatedSignature []byte, pubKeys []PubKeyBLS12, msgs [][]byte) error { + if len(pubKeys) != len(msgs) { + return fmt.Errorf("the number of public keys %d doesn't match the one of messages %d", + len(pubKeys), len(msgs)) + } + if aggregatedSignature == nil { + if len(pubKeys) == 0 { + return nil + } + return fmt.Errorf( + "the aggregate signature was omitted, even though %d public keys were specified", len(pubKeys)) + } + aggrSign := bls.Sign{} + err := aggrSign.Deserialize(aggregatedSignature) + if err != nil { + return err + } + blsPubKeys := make([]bls.PublicKey, len(pubKeys)) + hashes := make([][]byte, len(msgs)) + for i := 0; i < len(pubKeys); i++ { + blsPubKeys[i] = bls.PublicKey{} + err = blsPubKeys[i].Deserialize(pubKeys[i][:]) + if err != nil { + return err + } + hash := sha512.Sum512_256(msgs[i]) + hashes[i] = hash[:] + } + if !aggrSign.VerifyAggregateHashes(blsPubKeys, hashes) { + return fmt.Errorf("failed to verify the aggregated hashes by %d public keys", len(blsPubKeys)) + } + return nil +} + // GenPrivKey generates a new BLS12-381 private key. func GenPrivKey() PrivKeyBLS12 { sigKey := bls.SecretKey{} @@ -74,7 +140,8 @@ func (privKey PrivKeyBLS12) Sign(msg []byte) ([]byte, error) { if err != nil { panic(fmt.Sprintf("Failed to copy the private key: %s", err)) } - sign := blsKey.SignByte(msg) + hash := sha512.Sum512_256(msg) + sign := blsKey.SignHash(hash[:]) return sign.Serialize(), nil } @@ -143,7 +210,8 @@ func (pubKey PubKeyBLS12) VerifyBytes(msg []byte, sig []byte) bool { if err != nil { return false } - return blsSign.VerifyByte(&blsPubKey, msg) + hash := sha512.Sum512_256(msg) + return blsSign.VerifyHash(&blsPubKey, hash[:]) } // VRFVerify is not supported in BLS12. diff --git a/crypto/bls/bls_test.go b/crypto/bls/bls_test.go index f00df1da6..4058d2521 100644 --- a/crypto/bls/bls_test.go +++ b/crypto/bls/bls_test.go @@ -2,8 +2,12 @@ package bls_test import ( "bytes" + "crypto/sha256" "fmt" + "math/rand" + "reflect" "testing" + "time" b "github.com/herumi/bls-eth-go-binary/bls" "github.com/stretchr/testify/assert" @@ -234,6 +238,247 @@ func TestBasicSignatureFunctions(t *testing.T) { } } +func TestSignatureAggregationAndVerify(t *testing.T) { + privKeys := make([]b.SecretKey, 25) + pubKeys := make([]b.PublicKey, len(privKeys)) + msgs := make([][]byte, len(privKeys)) + hash32s := make([][32]byte, len(privKeys)) + signatures := make([]b.Sign, len(privKeys)) + for i, privKey := range privKeys { + privKey.SetByCSPRNG() + pubKeys[i] = *privKey.GetPublicKey() + msgs[i] = []byte(fmt.Sprintf("hello, world #%d", i)) + hash32s[i] = sha256.Sum256(msgs[i]) + signatures[i] = *privKey.SignHash(hash32s[i][:]) + + // normal single-hash case + if !signatures[i].VerifyHash(&pubKeys[i], hash32s[i][:]) { + t.Fail() + } + + // in case where 1-bit of hash was garbled + garbledHash := make([]byte, len(msgs[i])) + copy(garbledHash, msgs[i]) + garbledHash[0] ^= 1 << 0 + if garbledHash[0] == msgs[i][0] || signatures[i].VerifyByte(&pubKeys[i], garbledHash) { + t.Fail() + } + + // Verification using an invalid public key + } + + // aggregation + multiSig := b.Sign{} + multiSig.Aggregate(signatures) + + // normal case + hashes := make([][]byte, len(privKeys)) + for i := 0; i < len(hashes); i++ { + hashes[i] = hash32s[i][:] + } + if !multiSig.VerifyAggregateHashes(pubKeys, hashes) { + t.Fatalf("failed to validate the aggregate signature of the hashed message") + } + + // in case where 1-bit of signature was garbled + multiSigBytes := multiSig.Serialize() + for i := range multiSigBytes { + for j := 0; j < 8; j++ { + garbledMultiSigBytes := make([]byte, len(multiSigBytes)) + copy(garbledMultiSigBytes, multiSigBytes) + garbledMultiSigBytes[i] ^= 1 << j + if garbledMultiSigBytes[i] == multiSigBytes[i] { + t.Fail() + } + garbledMultiSig := b.Sign{} + err := garbledMultiSig.Deserialize(garbledMultiSigBytes) + if err == nil { + // Note that in some cases Deserialize() fails + if garbledMultiSig.VerifyAggregateHashes(pubKeys, hashes) { + t.Errorf("successfully verified the redacted signature") + } + } + } + } + + // in case a public key used for verification is replaced + invalidPrivKey := b.SecretKey{} + invalidPrivKey.SetByCSPRNG() + invalidPubKeys := make([]b.PublicKey, len(pubKeys)) + copy(invalidPubKeys, pubKeys) + invalidPubKeys[len(invalidPubKeys)-1] = *invalidPrivKey.GetPublicKey() + if multiSig.VerifyAggregateHashes(invalidPubKeys, hashes) { + t.Fatalf("successfully verified that it contains a public key that was not involved in the signing") + } + + // in case a hash used for verification is replaced + invalidHashes := make([][]byte, len(hashes)) + copy(invalidHashes, hashes) + invalidHash := sha256.Sum256([]byte("hello, world #99")) + invalidHashes[len(invalidHashes)-1] = invalidHash[:] + if multiSig.VerifyAggregateHashes(pubKeys, invalidHashes) { + t.Fatalf("successfully verified that it contains a hash that was not involved in the signing") + } +} + +func generatePubKeysAndSigns(t *testing.T, size int) ([]bls.PubKeyBLS12, [][]byte, [][]byte) { + pubKeys := make([]bls.PubKeyBLS12, size) + msgs := make([][]byte, len(pubKeys)) + sigs := make([][]byte, len(pubKeys)) + for i := 0; i < len(pubKeys); i++ { + var err error + privKey := bls.GenPrivKey() + pubKeys[i] = blsPublicKey(t, privKey.PubKey()) + msgs[i] = []byte(fmt.Sprintf("hello, workd #%d", i)) + sigs[i], err = privKey.Sign(msgs[i]) + if err != nil { + t.Fatal(fmt.Sprintf("fail to sign: %s", err)) + } + if !pubKeys[i].VerifyBytes(msgs[i], sigs[i]) { + t.Fatal("fail to verify signature") + } + } + return pubKeys, msgs, sigs +} + +func blsPublicKey(t *testing.T, pubKey crypto.PubKey) bls.PubKeyBLS12 { + blsPubKey, ok := pubKey.(bls.PubKeyBLS12) + if !ok { + var keyType string + if t := reflect.TypeOf(pubKey); t.Kind() == reflect.Ptr { + keyType = "*" + t.Elem().Name() + } else { + keyType = t.Name() + } + t.Fatal(fmt.Sprintf("specified public key is not for BLS: %s", keyType)) + } + return blsPubKey +} + +func aggregateSignatures(init []byte, signatures [][]byte) (aggrSig []byte, err error) { + aggrSig = init + for _, sign := range signatures { + aggrSig, err = bls.AddSignature(aggrSig, sign) + if err != nil { + return + } + } + return +} + +func TestAggregatedSignature(t *testing.T) { + + // generate BLS signatures and public keys + pubKeys, msgs, sigs := generatePubKeysAndSigns(t, 25) + + // aggregate signatures + aggrSig, err := aggregateSignatures(nil, sigs) + if err != nil { + t.Error(fmt.Sprintf("fail to aggregate BLS signatures: %s", err)) + } + if len(aggrSig) != bls.SignatureSize { + t.Error(fmt.Sprintf("inconpatible signature size: %d != %d", len(aggrSig), bls.SignatureSize)) + } + + // validate the aggregated signature + if err := bls.VerifyAggregatedSignature(aggrSig, pubKeys, msgs); err != nil { + t.Errorf("fail to verify aggregated signature: %s", err) + } + + // validate with the public keys and messages pair in random order + t.Run("Doesn't Depend on the Order of PublicKey-Message Pairs", func(t *testing.T) { + shuffledPubKeys := make([]bls.PubKeyBLS12, len(pubKeys)) + shuffledMsgs := make([][]byte, len(msgs)) + copy(shuffledPubKeys, pubKeys) + copy(shuffledMsgs, msgs) + rand.Seed(time.Now().UnixNano()) + rand.Shuffle(len(shuffledPubKeys), func(i, j int) { + shuffledPubKeys[i], shuffledPubKeys[j] = shuffledPubKeys[j], shuffledPubKeys[i] + shuffledMsgs[i], shuffledMsgs[j] = shuffledMsgs[j], shuffledMsgs[i] + }) + if err := bls.VerifyAggregatedSignature(aggrSig, shuffledPubKeys, shuffledMsgs); err != nil { + t.Errorf("fail to verify the aggregated signature with random order: %s", err) + } + }) + + // validate with the public keys in random order + t.Run("Incorrect Public Key Order", func(t *testing.T) { + shuffledPubKeys := make([]bls.PubKeyBLS12, len(pubKeys)) + copy(shuffledPubKeys, pubKeys) + rand.Seed(time.Now().UnixNano()) + rand.Shuffle(len(shuffledPubKeys), func(i, j int) { + shuffledPubKeys[i], shuffledPubKeys[j] = shuffledPubKeys[j], shuffledPubKeys[i] + }) + if err := bls.VerifyAggregatedSignature(aggrSig, shuffledPubKeys, msgs); err == nil { + t.Error("successfully validated with public keys of different order") + } + }) + + // validate with the messages in random order + t.Run("Incorrect Message Order", func(t *testing.T) { + shuffledMsgs := make([][]byte, len(msgs)) + copy(shuffledMsgs, msgs) + rand.Seed(time.Now().UnixNano()) + rand.Shuffle(len(shuffledMsgs), func(i, j int) { + shuffledMsgs[i], shuffledMsgs[j] = shuffledMsgs[j], shuffledMsgs[i] + }) + if err := bls.VerifyAggregatedSignature(aggrSig, pubKeys, shuffledMsgs); err == nil { + t.Error("successfully validated with messages of different order") + } + }) + + // replace one public key with another and detect + t.Run("Replace One Public Key", func(t *testing.T) { + pubKey, _ := bls.GenPrivKey().PubKey().(bls.PubKeyBLS12) + replacedPubKeys := make([]bls.PubKeyBLS12, len(pubKeys)) + copy(replacedPubKeys, pubKeys) + replacedPubKeys[0] = pubKey + if err := bls.VerifyAggregatedSignature(aggrSig, replacedPubKeys, msgs); err == nil { + t.Error("verification with an invalid key was successful") + } + }) + + // replace one message with another and detect + t.Run("Replace One Message", func(t *testing.T) { + msg := []byte(fmt.Sprintf("hello, world #%d replaced", len(msgs))) + replacedMsgs := make([][]byte, len(msgs)) + copy(replacedMsgs, msgs) + replacedMsgs[0] = msg + if err := bls.VerifyAggregatedSignature(aggrSig, pubKeys, replacedMsgs); err == nil { + t.Error("verification with an invalid message was successful") + } + }) + + // add new signature to existing aggregated signature and verify + t.Run("Incremental Update", func(t *testing.T) { + msg := []byte(fmt.Sprintf("hello, world #%d", len(msgs))) + privKey := bls.GenPrivKey() + pubKey := privKey.PubKey() + sig, err := privKey.Sign(msg) + assert.Nilf(t, err, "%s", err) + newAggrSig, _ := aggregateSignatures(aggrSig, [][]byte{sig}) + newPubKeys := make([]bls.PubKeyBLS12, len(pubKeys)) + copy(newPubKeys, pubKeys) + newPubKeys = append(newPubKeys, blsPublicKey(t, pubKey)) + newMsgs := make([][]byte, len(msgs)) + copy(newMsgs, msgs) + newMsgs = append(newMsgs, msg) + if err := bls.VerifyAggregatedSignature(newAggrSig, newPubKeys, newMsgs); err != nil { + t.Errorf("fail to verify the aggregate signature with the new signature: %s", err) + } + }) + + // nil is returned for nil and empty signature + nilSig, _ := aggregateSignatures(nil, [][]byte{}) + assert.Nil(t, nilSig) + + // a non-BLS signature contained + func() { + _, err = aggregateSignatures(nil, [][]byte{make([]byte, 0)}) + assert.NotNil(t, err) + }() +} + func TestSignatureAggregation(t *testing.T) { publicKeys := make([]b.PublicKey, 25) aggregatedSignature := b.Sign{} diff --git a/crypto/composite/composite.go b/crypto/composite/composite.go index fbc792cbf..4115b61c7 100644 --- a/crypto/composite/composite.go +++ b/crypto/composite/composite.go @@ -3,11 +3,10 @@ package composite import ( "bytes" + "github.com/tendermint/tendermint/crypto" "github.com/tendermint/tendermint/crypto/bls" "github.com/tendermint/tendermint/crypto/ed25519" "github.com/tendermint/tendermint/crypto/tmhash" - - "github.com/tendermint/tendermint/crypto" ) // PubKeyComposite and PrivKeyComposite are intended to allow public key algorithms to be selected for each function. diff --git a/crypto/composite/composite_test.go b/crypto/composite/composite_test.go index c85327b03..29ca85b35 100644 --- a/crypto/composite/composite_test.go +++ b/crypto/composite/composite_test.go @@ -2,8 +2,14 @@ package composite_test import ( "bytes" + "encoding/base64" + "encoding/hex" + "fmt" "testing" + "github.com/tendermint/go-amino" + + "github.com/tendermint/tendermint/crypto" "github.com/tendermint/tendermint/crypto/bls" "github.com/tendermint/tendermint/crypto/composite" "github.com/tendermint/tendermint/crypto/ed25519" @@ -170,3 +176,113 @@ func TestPubKeyComposite_VRFVerify(t *testing.T) { t.Errorf("Output is different from the VRF key.") } } + +func TestEnvironmentalCompatibility(t *testing.T) { + var cdc = amino.NewCodec() + cdc.RegisterInterface((*crypto.PrivKey)(nil), nil) + cdc.RegisterInterface((*crypto.PubKey)(nil), nil) + cdc.RegisterConcrete(bls.PubKeyBLS12{}, bls.PubKeyAminoName, nil) + cdc.RegisterConcrete(bls.PrivKeyBLS12{}, bls.PrivKeyAminoName, nil) + cdc.RegisterConcrete(ed25519.PubKeyEd25519{}, ed25519.PubKeyAminoName, nil) + cdc.RegisterConcrete(ed25519.PrivKeyEd25519{}, ed25519.PrivKeyAminoName, nil) + cdc.RegisterConcrete(composite.PubKeyComposite{}, composite.PubKeyCompositeAminoName, nil) + cdc.RegisterConcrete(composite.PrivKeyComposite{}, composite.PrivKeyCompositeAminoName, nil) + + t.Run("MarshalCompositeKey", func(t *testing.T) { + privKey := composite.GenPrivKey() + privKeyBytes, err := cdc.MarshalBinaryBare(privKey) + if err != nil { + t.Fatal(err) + } + fmt.Printf("PrivKeyComposite: %s\n", hex.EncodeToString(privKeyBytes)) + }) + + t.Run("The same signature is generated from the same key binary for any runtime env", func(t *testing.T) { + privKeyBytes, err := hex.DecodeString("9f3ee8f00a25eaecf03f203761de9e836bed524dd0b2737c56b69f69672c2b3e40" + + "31b74817474c62b204221245a328891040c69e39ac62519a09895babbb84d6a3a8ea4b69a61760e0c0b04052e252c272ef478fb" + + "da7337ad81ed4202d2bb3ad8240e17248aae2dc169b2e12b45b366d09be") + if err != nil { + t.Fatal(err) + } + compositePrivKey := composite.PrivKeyComposite{} + if err := cdc.UnmarshalBinaryBare(privKeyBytes, &compositePrivKey); err != nil { + t.Fatal(err) + } + msg := []byte("hello, world") + actual, err := compositePrivKey.Sign(msg) + if err != nil { + t.Fatal(err) + } + expected, err := hex.DecodeString("b6bf1dbc3a0d67f19a64d8be04bac7b6bb0963698e1711b3955593f23bf325902298a4" + + "9132ce4ebf452302f21af95da307186574106a5cbdc630a43d3269db99e5ecbf99d4798d8dc681dac1d60f6e43868860ae247e9" + + "e66287774df12e79569") + if err != nil { + t.Fatal(err) + } + if !bytes.Equal(expected, actual) { + t.Logf("Expected Signature: %s (%d bytes)", hex.EncodeToString(expected), len(expected)) + t.Logf("Actual Signature: %s (%d bytes)", hex.EncodeToString(actual), len(actual)) + t.Errorf("Signatures generated from the same key and message are different than expected") + } + }) + + // https://github.com/line/tendermint/issues/121 + t.Run("A reproduction test of issue #121", func(t *testing.T) { + + // restore BLS private key from base64 string in priv_validator_key.json + blsPrivKey := bls.PrivKeyBLS12{} + blsPrivKeyBytes, err := base64.StdEncoding.DecodeString("BpqODFajV6NnQhBfT8ERyvwyqPoZS664e1v35sfr76g=") + if err != nil { + t.Fatal(err) + } else if len(blsPrivKeyBytes) != bls.PrivKeyBLS12Size { + t.Fatalf("fixed private key size: %d != %d", bls.PrivKeyBLS12Size, len(blsPrivKeyBytes)) + } + copy(blsPrivKey[:], blsPrivKeyBytes) + + // restore Ed25519 private key from base64 string in priv_validator_key.json + ed25519PrivKey := ed25519.PrivKeyEd25519{} + ed25519PrivKeyBytes, err := base64.StdEncoding.DecodeString("TGb5K4TbD1XdNd0HGEt7I6quhTJ2aSckgPLLBKs8hDUC" + + "4Wh8kfEmnRUeMYtR8V0UfNwQyTYqGupZeyIhJcV1TA==") + if err != nil { + t.Fatal(err) + } else if len(ed25519PrivKeyBytes) != len(ed25519PrivKey) { + t.Fatalf("fixed private key size: %d != %d", len(ed25519PrivKey), len(ed25519PrivKeyBytes)) + } + copy(ed25519PrivKey[:], ed25519PrivKeyBytes) + + // compare addresses to assumed value + compositePrivKey := composite.NewPrivKeyComposite(blsPrivKey, ed25519PrivKey) + compositePubKey := compositePrivKey.PubKey() + address, err := hex.DecodeString("7A68265205CB115AE35A13515C423F1721E87BB4") + if err != nil { + t.Fatal(err) + } + if !bytes.Equal(address, compositePubKey.Address()) { + t.Fatalf("addresses didn't match: %s", hex.EncodeToString(compositePubKey.Address())) + } + + // compare generated signature to assumed value + message, err := hex.DecodeString("44080111010000000000000022300A147A68265205CB115AE35A13515C423F1721E87BB" + + "412180A147A68265205CB115AE35A13515C423F1721E87BB410013205636861696E") + if err != nil { + t.Fatal(err) + } + signature, err := compositePrivKey.Sign(message) + if err != nil { + t.Fatal(err) + } + expectedSig, err := hex.DecodeString("a00a8a8143fff615e3df98e9b4a493b0ffc5cf1cee14c55d4c667c34651392331c4d" + + "5a1bf0a15d018262d61f74a59cc80775217b81363796e50aac7ce7542424a2eb84fbaf787f7a1c00229682ac4bb0a45f67cdf43f" + + "b21b091f25a0a8bd51ae") + if err != nil { + t.Fatal(err) + } + if !bytes.Equal(expectedSig, signature) { + t.Logf("Address: %s", hex.EncodeToString(address)) + t.Logf("Message: %s (%d bytes)", hex.EncodeToString(message), len(message)) + t.Logf("Expected Signature: %s (%d bytes)", hex.EncodeToString(expectedSig), len(expectedSig)) + t.Logf("Actual Signature: %s (%d bytes)", hex.EncodeToString(signature), len(signature)) + t.Errorf("Different signatures are made for the same message with the same private key.") + } + }) +} diff --git a/crypto/ed25519/ed25519.go b/crypto/ed25519/ed25519.go index 8b54d08e0..2d1ac6914 100644 --- a/crypto/ed25519/ed25519.go +++ b/crypto/ed25519/ed25519.go @@ -10,6 +10,7 @@ import ( amino "github.com/tendermint/go-amino" "golang.org/x/crypto/ed25519" + "github.com/tendermint/tendermint/crypto" "github.com/tendermint/tendermint/crypto/tmhash" ) diff --git a/proto/types/types.pb.go b/proto/types/types.pb.go index cbc58d4ad..9c7a2cba5 100644 --- a/proto/types/types.pb.go +++ b/proto/types/types.pb.go @@ -536,15 +536,18 @@ func (m *Vote) GetSignature() []byte { // Commit contains the evidence that a block was committed by a set of validators. type Commit struct { - Height int64 `protobuf:"varint,1,opt,name=height,proto3" json:"height,omitempty"` - Round int32 `protobuf:"varint,2,opt,name=round,proto3" json:"round,omitempty"` - BlockID BlockID `protobuf:"bytes,3,opt,name=block_id,json=blockId,proto3" json:"block_id"` - Signatures []CommitSig `protobuf:"bytes,4,rep,name=signatures,proto3" json:"signatures"` - Hash []byte `protobuf:"bytes,5,opt,name=hash,proto3" json:"hash,omitempty"` - BitArray *bits.BitArray `protobuf:"bytes,6,opt,name=bit_array,json=bitArray,proto3" json:"bit_array,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + Height int64 `protobuf:"varint,1,opt,name=height,proto3" json:"height,omitempty"` + Round int32 `protobuf:"varint,2,opt,name=round,proto3" json:"round,omitempty"` + BlockID BlockID `protobuf:"bytes,3,opt,name=block_id,json=blockId,proto3" json:"block_id"` + Signatures []CommitSig `protobuf:"bytes,4,rep,name=signatures,proto3" json:"signatures"` + Hash []byte `protobuf:"bytes,5,opt,name=hash,proto3" json:"hash,omitempty"` + BitArray *bits.BitArray `protobuf:"bytes,6,opt,name=bit_array,json=bitArray,proto3" json:"bit_array,omitempty"` + // Additional field that LINE Blockchain uses for aggregated signature. For protobuf, the tags in the 1 to 15 is + // packed into a single byte, so we use 15 to account for differential expansions imported from Tendermint. + AggregatedSignature []byte `protobuf:"bytes,15,opt,name=aggregated_signature,json=aggregatedSignature,proto3" json:"aggregated_signature,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *Commit) Reset() { *m = Commit{} } @@ -613,6 +616,13 @@ func (m *Commit) GetBitArray() *bits.BitArray { return nil } +func (m *Commit) GetAggregatedSignature() []byte { + if m != nil { + return m.AggregatedSignature + } + return nil +} + // CommitSig is a part of the Vote included in a Commit. type CommitSig struct { BlockIdFlag BlockIDFlag `protobuf:"varint,1,opt,name=block_id_flag,json=blockIdFlag,proto3,enum=tendermint.proto.types.BlockIDFlag" json:"block_id_flag,omitempty"` @@ -889,86 +899,87 @@ func init() { func init() { proto.RegisterFile("proto/types/types.proto", fileDescriptor_ff06f8095857fb18) } var fileDescriptor_ff06f8095857fb18 = []byte{ - // 1286 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x57, 0xcd, 0x6e, 0xdb, 0xc6, - 0x13, 0x37, 0x25, 0xca, 0x92, 0x86, 0x92, 0x2d, 0xf3, 0xef, 0x7f, 0xa2, 0xca, 0xad, 0xa5, 0xc8, - 0x4d, 0xea, 0x7c, 0x80, 0x2a, 0x5c, 0xa0, 0x68, 0x80, 0x5e, 0x24, 0xdb, 0x71, 0x84, 0xd8, 0xb2, - 0x40, 0xa9, 0xe9, 0xc7, 0x85, 0x58, 0x89, 0x1b, 0x8a, 0x08, 0x45, 0x12, 0xdc, 0x95, 0x61, 0xa7, - 0x40, 0xcf, 0x85, 0x4f, 0x7d, 0x01, 0x5f, 0x9a, 0x16, 0xe8, 0x5b, 0xb4, 0xc7, 0x9e, 0xfa, 0x08, - 0x29, 0x90, 0xbe, 0x42, 0x1f, 0xa0, 0xd8, 0x0f, 0x52, 0x52, 0x64, 0xb7, 0x41, 0x93, 0x5e, 0x12, - 0xee, 0xcc, 0x6f, 0x66, 0x77, 0x7e, 0xf3, 0x9b, 0x5d, 0x19, 0xae, 0x87, 0x51, 0x40, 0x83, 0x06, - 0x3d, 0x0b, 0x31, 0x11, 0xff, 0x1a, 0xdc, 0xa2, 0x5f, 0xa3, 0xd8, 0xb7, 0x71, 0x34, 0x76, 0x7d, - 0x2a, 0x2c, 0x06, 0xf7, 0x56, 0x6e, 0xd1, 0x91, 0x1b, 0xd9, 0x56, 0x88, 0x22, 0x7a, 0xd6, 0x10, - 0xc1, 0x4e, 0xe0, 0x04, 0xd3, 0x2f, 0x81, 0xae, 0x54, 0x9d, 0x20, 0x70, 0x3c, 0x2c, 0x20, 0x83, - 0xc9, 0x93, 0x06, 0x75, 0xc7, 0x98, 0x50, 0x34, 0x0e, 0x25, 0x60, 0x43, 0x84, 0x78, 0xee, 0x80, - 0x34, 0x06, 0x2e, 0x9d, 0xdb, 0xbd, 0x52, 0x15, 0xce, 0x61, 0x74, 0x16, 0xd2, 0xa0, 0x31, 0xc6, - 0xd1, 0x53, 0x0f, 0xcf, 0x01, 0x64, 0xf4, 0x09, 0x8e, 0x88, 0x1b, 0xf8, 0xf1, 0xff, 0xc2, 0x59, - 0xbf, 0x0f, 0xc5, 0x2e, 0x8a, 0x68, 0x0f, 0xd3, 0x87, 0x18, 0xd9, 0x38, 0xd2, 0xd7, 0x21, 0x43, - 0x03, 0x8a, 0xbc, 0xb2, 0x52, 0x53, 0xb6, 0xd3, 0xa6, 0x58, 0xe8, 0x3a, 0xa8, 0x23, 0x44, 0x46, - 0xe5, 0x54, 0x4d, 0xd9, 0x2e, 0x98, 0xfc, 0xbb, 0xfe, 0x35, 0xa8, 0x2c, 0x94, 0x45, 0xb8, 0xbe, - 0x8d, 0x4f, 0x79, 0x44, 0xd1, 0x14, 0x0b, 0x66, 0x1d, 0x9c, 0x51, 0x4c, 0x64, 0x88, 0x58, 0xe8, - 0x07, 0x90, 0x09, 0xa3, 0x20, 0x78, 0x52, 0x4e, 0xd7, 0x94, 0x6d, 0x6d, 0xe7, 0xae, 0xb1, 0x40, - 0x9d, 0xa8, 0xc3, 0x10, 0x75, 0x18, 0x3d, 0x77, 0x1c, 0x7a, 0xb8, 0xcb, 0x42, 0x5a, 0xea, 0xaf, - 0x2f, 0xaa, 0x4b, 0xa6, 0x88, 0xaf, 0x8f, 0x21, 0xdb, 0xf2, 0x82, 0xe1, 0xd3, 0xf6, 0x5e, 0x72, - 0x36, 0x65, 0x7a, 0x36, 0xbd, 0x03, 0x05, 0x46, 0x3b, 0xb1, 0x46, 0xbc, 0x2a, 0x7e, 0x08, 0x6d, - 0xe7, 0xa6, 0x71, 0x79, 0xa7, 0x8c, 0x39, 0x0a, 0xe4, 0x46, 0x1a, 0x4f, 0x20, 0x4c, 0xf5, 0xef, - 0x33, 0xb0, 0x2c, 0x09, 0xda, 0x85, 0xac, 0xa4, 0x90, 0xef, 0xa8, 0xed, 0x6c, 0x2d, 0x66, 0x8d, - 0x39, 0xde, 0x0d, 0x7c, 0x82, 0x7d, 0x32, 0x21, 0x32, 0x67, 0x1c, 0xa9, 0xdf, 0x82, 0xdc, 0x70, - 0x84, 0x5c, 0xdf, 0x72, 0x6d, 0x7e, 0xb6, 0x7c, 0x4b, 0x7b, 0xf9, 0xa2, 0x9a, 0xdd, 0x65, 0xb6, - 0xf6, 0x9e, 0x99, 0xe5, 0xce, 0xb6, 0xad, 0x5f, 0x83, 0xe5, 0x11, 0x76, 0x9d, 0x11, 0xe5, 0x84, - 0xa5, 0x4d, 0xb9, 0xd2, 0x3f, 0x01, 0x95, 0x89, 0xa4, 0xac, 0xf2, 0x13, 0x54, 0x0c, 0xa1, 0x20, - 0x23, 0x56, 0x90, 0xd1, 0x8f, 0x15, 0xd4, 0xca, 0xb1, 0x8d, 0xbf, 0xfb, 0xbd, 0xaa, 0x98, 0x3c, - 0x42, 0xff, 0x02, 0x8a, 0x1e, 0x22, 0xd4, 0x1a, 0x30, 0xf6, 0xd8, 0xf6, 0x19, 0x9e, 0xa2, 0x7a, - 0x15, 0x35, 0x92, 0xe5, 0xd6, 0xff, 0x58, 0x9e, 0x97, 0x2f, 0xaa, 0xda, 0x21, 0x22, 0x54, 0x1a, - 0x4d, 0xcd, 0x4b, 0x16, 0xb6, 0xbe, 0x0d, 0x25, 0x9e, 0x79, 0x18, 0x8c, 0xc7, 0x2e, 0xb5, 0x78, - 0x4f, 0x96, 0x79, 0x4f, 0x56, 0x98, 0x7d, 0x97, 0x9b, 0x1f, 0xb2, 0xee, 0x6c, 0x40, 0xde, 0x46, - 0x14, 0x09, 0x48, 0x96, 0x43, 0x72, 0xcc, 0xc0, 0x9d, 0x55, 0xd0, 0x4e, 0x02, 0x8a, 0x23, 0x22, - 0xdc, 0x39, 0xee, 0x06, 0x61, 0xe2, 0x80, 0x0f, 0x60, 0xf5, 0x04, 0x79, 0xae, 0x8d, 0x68, 0x10, - 0x83, 0xf2, 0x62, 0x9b, 0xa9, 0x99, 0x03, 0x3f, 0x84, 0x75, 0x1f, 0x9f, 0x52, 0xeb, 0x55, 0x34, - 0x70, 0xb4, 0xce, 0x7c, 0x8f, 0xe7, 0x23, 0x6e, 0xc2, 0xca, 0x30, 0x6e, 0x99, 0xc0, 0x6a, 0x1c, - 0x5b, 0x4c, 0xac, 0x1c, 0xf6, 0x0e, 0xe4, 0x50, 0x18, 0x0a, 0x40, 0x81, 0x03, 0xb2, 0x28, 0x0c, - 0xb9, 0xeb, 0x0e, 0xac, 0x71, 0x12, 0x22, 0x4c, 0x26, 0x1e, 0x95, 0x49, 0x8a, 0x1c, 0xb3, 0xca, - 0x1c, 0xa6, 0xb0, 0x73, 0xec, 0x16, 0x14, 0xf1, 0x89, 0x6b, 0x63, 0x7f, 0x88, 0x05, 0x6e, 0x85, - 0xe3, 0x0a, 0xb1, 0x91, 0x83, 0x6e, 0x43, 0x29, 0x8c, 0x82, 0x30, 0x20, 0x38, 0xb2, 0x90, 0x6d, - 0x47, 0x98, 0x90, 0xf2, 0xaa, 0xc8, 0x17, 0xdb, 0x9b, 0xc2, 0x5c, 0xbf, 0x07, 0xea, 0x1e, 0xa2, - 0x48, 0x2f, 0x41, 0x9a, 0x9e, 0x92, 0xb2, 0x52, 0x4b, 0x6f, 0x17, 0x4c, 0xf6, 0x79, 0xe9, 0xf8, - 0xfe, 0x99, 0x02, 0xf5, 0x71, 0x40, 0xb1, 0x7e, 0x1f, 0x54, 0xd6, 0x6a, 0xae, 0xe6, 0x95, 0xab, - 0x67, 0xa4, 0xe7, 0x3a, 0x3e, 0xb6, 0x8f, 0x88, 0xd3, 0x3f, 0x0b, 0xb1, 0xc9, 0x43, 0x66, 0xe4, - 0x99, 0x9a, 0x93, 0xe7, 0x3a, 0x64, 0xa2, 0x60, 0xe2, 0xdb, 0x52, 0xb5, 0x62, 0xa1, 0x3f, 0x82, - 0x5c, 0xa2, 0x3a, 0xf5, 0xf5, 0x54, 0xb7, 0x2a, 0x55, 0x17, 0x0f, 0xbb, 0x99, 0x1d, 0x48, 0xb5, - 0xb5, 0x20, 0x9f, 0x5c, 0x93, 0x52, 0xc3, 0xaf, 0x37, 0x06, 0xd3, 0x30, 0xfd, 0x2e, 0xac, 0x25, - 0xda, 0x48, 0xc8, 0x15, 0x92, 0x2d, 0x25, 0x0e, 0xc9, 0xee, 0x9c, 0xec, 0x2c, 0x71, 0xe1, 0x65, - 0x79, 0x75, 0x53, 0xd9, 0xb5, 0xf9, 0xcd, 0xf7, 0x2e, 0xe4, 0x89, 0xeb, 0xf8, 0x88, 0x4e, 0x22, - 0x2c, 0xe5, 0x3b, 0x35, 0xd4, 0x9f, 0xa7, 0x60, 0x59, 0x8c, 0xc2, 0x0c, 0x7b, 0xca, 0xe5, 0xec, - 0x31, 0x52, 0x33, 0x97, 0xb1, 0x97, 0x7e, 0x53, 0xf6, 0x0e, 0x00, 0x92, 0x23, 0x91, 0xb2, 0x5a, - 0x4b, 0x6f, 0x6b, 0x3b, 0x37, 0xae, 0x4a, 0x27, 0x8e, 0xdb, 0x73, 0x1d, 0x79, 0x8b, 0xcd, 0x84, - 0x26, 0xca, 0xca, 0xcc, 0x5c, 0xbe, 0x4d, 0xc8, 0x0f, 0x5c, 0x6a, 0xa1, 0x28, 0x42, 0x67, 0x9c, - 0x4e, 0x6d, 0xe7, 0xfd, 0xc5, 0xdc, 0xec, 0x35, 0x33, 0xd8, 0x6b, 0x66, 0xb4, 0x5c, 0xda, 0x64, - 0x58, 0x33, 0x37, 0x90, 0x5f, 0xf5, 0x3f, 0x14, 0xc8, 0x27, 0xdb, 0xea, 0x07, 0x50, 0x8c, 0x4b, - 0xb7, 0x9e, 0x78, 0xc8, 0x91, 0x52, 0xdd, 0xfa, 0x87, 0xfa, 0x1f, 0x78, 0xc8, 0x31, 0x35, 0x59, - 0x32, 0x5b, 0x5c, 0xde, 0xf0, 0xd4, 0x15, 0x0d, 0x9f, 0x53, 0x58, 0xfa, 0xdf, 0x29, 0x6c, 0x4e, - 0x0b, 0xea, 0xab, 0x5a, 0xf8, 0x39, 0x05, 0xb9, 0x2e, 0x1f, 0x62, 0xe4, 0xfd, 0xe7, 0x63, 0x98, - 0x08, 0x69, 0x03, 0xf2, 0x61, 0xe0, 0x59, 0xc2, 0xa3, 0x72, 0x4f, 0x2e, 0x0c, 0x3c, 0x73, 0x41, - 0x65, 0x99, 0xb7, 0x3a, 0xa3, 0xcb, 0x6f, 0x81, 0xc1, 0xec, 0xab, 0x0c, 0x7e, 0x03, 0x05, 0x41, - 0x88, 0x7c, 0x9c, 0x3f, 0x66, 0x4c, 0xf0, 0x17, 0x5f, 0xbc, 0xcd, 0x9b, 0x57, 0x1d, 0x5e, 0xe0, - 0x4d, 0x89, 0x66, 0x71, 0xe2, 0xd9, 0x92, 0xbf, 0x14, 0x36, 0xff, 0x7e, 0x16, 0x4c, 0x89, 0xae, - 0xff, 0xa6, 0x40, 0x9e, 0x97, 0x7d, 0x84, 0x29, 0x9a, 0x23, 0x4f, 0x79, 0x53, 0xf2, 0xde, 0x03, - 0x10, 0xc9, 0x88, 0xfb, 0x0c, 0xcb, 0xc6, 0xe6, 0xb9, 0xa5, 0xe7, 0x3e, 0xc3, 0xfa, 0xa7, 0x49, - 0xa5, 0xe9, 0xd7, 0xa9, 0x54, 0x8e, 0x6e, 0x5c, 0xef, 0x75, 0xc8, 0xfa, 0x93, 0xb1, 0xc5, 0x9e, - 0x09, 0x55, 0x48, 0xc6, 0x9f, 0x8c, 0xfb, 0xa7, 0xe4, 0xce, 0x2f, 0x0a, 0x68, 0x33, 0xe3, 0xa3, - 0x57, 0xe0, 0x5a, 0xeb, 0xf0, 0x78, 0xf7, 0xd1, 0x9e, 0xd5, 0xde, 0xb3, 0x1e, 0x1c, 0x36, 0x0f, - 0xac, 0xcf, 0x3a, 0x8f, 0x3a, 0xc7, 0x9f, 0x77, 0x4a, 0x4b, 0x7a, 0x03, 0xd6, 0xb9, 0x2f, 0x71, - 0x35, 0x5b, 0xbd, 0xfd, 0x4e, 0xbf, 0xa4, 0x54, 0xfe, 0x7f, 0x7e, 0x51, 0x5b, 0x9b, 0x49, 0xd3, - 0x1c, 0x10, 0xec, 0xd3, 0xc5, 0x80, 0xdd, 0xe3, 0xa3, 0xa3, 0x76, 0xbf, 0x94, 0x5a, 0x08, 0x90, - 0x37, 0xe4, 0x6d, 0x58, 0x9b, 0x0f, 0xe8, 0xb4, 0x0f, 0x4b, 0xe9, 0x8a, 0x7e, 0x7e, 0x51, 0x5b, - 0x99, 0x41, 0x77, 0x5c, 0xaf, 0x92, 0xfb, 0xf6, 0xf9, 0xe6, 0xd2, 0x4f, 0x3f, 0x6c, 0x2e, 0xdd, - 0xf9, 0x51, 0x81, 0xe2, 0xdc, 0x94, 0xe8, 0x1b, 0x70, 0xbd, 0xd7, 0x3e, 0xe8, 0xec, 0xef, 0x59, - 0x47, 0xbd, 0x03, 0xab, 0xff, 0x65, 0x77, 0x7f, 0xa6, 0x8a, 0x1b, 0x50, 0xe8, 0x9a, 0xfb, 0x8f, - 0x8f, 0xfb, 0xfb, 0xdc, 0x53, 0x52, 0x2a, 0xab, 0xe7, 0x17, 0x35, 0xad, 0x1b, 0x61, 0xf6, 0x9b, - 0x83, 0xc7, 0xdf, 0x84, 0x95, 0xae, 0xb9, 0x2f, 0x0e, 0x2b, 0x40, 0xa9, 0xca, 0xda, 0xf9, 0x45, - 0xad, 0xd8, 0x8d, 0xb0, 0x10, 0x02, 0x87, 0x6d, 0x41, 0xb1, 0x6b, 0x1e, 0x77, 0x8f, 0x7b, 0xcd, - 0x43, 0x81, 0x4a, 0x57, 0x4a, 0xe7, 0x17, 0xb5, 0x42, 0x3c, 0xe2, 0x0c, 0x34, 0x3d, 0x67, 0xcb, - 0xf8, 0xea, 0x9e, 0xe3, 0xd2, 0xd1, 0x64, 0x60, 0x0c, 0x83, 0x71, 0x63, 0xda, 0xbd, 0xd9, 0xcf, - 0x99, 0x3f, 0x39, 0x06, 0xcb, 0x7c, 0xf1, 0xd1, 0x5f, 0x01, 0x00, 0x00, 0xff, 0xff, 0x9f, 0x10, - 0x1c, 0xa4, 0x88, 0x0c, 0x00, 0x00, + // 1307 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x57, 0xcb, 0x6e, 0xdb, 0x46, + 0x17, 0x36, 0x25, 0xca, 0x92, 0x0e, 0x25, 0x5b, 0x66, 0xfc, 0x27, 0xfa, 0xe5, 0xd6, 0x52, 0xe4, + 0x26, 0x75, 0x2e, 0xa0, 0x5a, 0x17, 0x28, 0x1a, 0xa0, 0x1b, 0xc9, 0x76, 0x1c, 0x21, 0xb6, 0x2c, + 0x50, 0x6a, 0x7a, 0xd9, 0x10, 0x23, 0x71, 0x42, 0x11, 0xa1, 0x48, 0x82, 0x33, 0x32, 0xec, 0x14, + 0xe8, 0xba, 0xf0, 0xaa, 0x2f, 0xe0, 0x4d, 0x2f, 0x40, 0xdf, 0xa2, 0x5d, 0x76, 0xd5, 0x65, 0x97, + 0x29, 0x90, 0xbe, 0x42, 0x1f, 0xa0, 0x98, 0x0b, 0x29, 0x29, 0xb6, 0x5b, 0xa3, 0x49, 0x37, 0xf6, + 0xcc, 0x39, 0xdf, 0x39, 0x73, 0xe6, 0x9b, 0xef, 0xcc, 0x50, 0x70, 0x23, 0x8c, 0x02, 0x1a, 0x34, + 0xe8, 0x49, 0x88, 0x89, 0xf8, 0x6b, 0x70, 0x8b, 0x7e, 0x9d, 0x62, 0xdf, 0xc6, 0xd1, 0xd8, 0xf5, + 0xa9, 0xb0, 0x18, 0xdc, 0x5b, 0xb9, 0x4d, 0x47, 0x6e, 0x64, 0x5b, 0x21, 0x8a, 0xe8, 0x49, 0x43, + 0x04, 0x3b, 0x81, 0x13, 0x4c, 0x47, 0x02, 0x5d, 0xa9, 0x3a, 0x41, 0xe0, 0x78, 0x58, 0x40, 0x06, + 0x93, 0xa7, 0x0d, 0xea, 0x8e, 0x31, 0xa1, 0x68, 0x1c, 0x4a, 0xc0, 0x9a, 0x08, 0xf1, 0xdc, 0x01, + 0x69, 0x0c, 0x5c, 0x3a, 0xb7, 0x7a, 0xa5, 0x2a, 0x9c, 0xc3, 0xe8, 0x24, 0xa4, 0x41, 0x63, 0x8c, + 0xa3, 0x67, 0x1e, 0x9e, 0x03, 0xc8, 0xe8, 0x23, 0x1c, 0x11, 0x37, 0xf0, 0xe3, 0xff, 0xc2, 0x59, + 0x7f, 0x00, 0xc5, 0x2e, 0x8a, 0x68, 0x0f, 0xd3, 0x47, 0x18, 0xd9, 0x38, 0xd2, 0x57, 0x21, 0x43, + 0x03, 0x8a, 0xbc, 0xb2, 0x52, 0x53, 0x36, 0xd3, 0xa6, 0x98, 0xe8, 0x3a, 0xa8, 0x23, 0x44, 0x46, + 0xe5, 0x54, 0x4d, 0xd9, 0x2c, 0x98, 0x7c, 0x5c, 0xff, 0x12, 0x54, 0x16, 0xca, 0x22, 0x5c, 0xdf, + 0xc6, 0xc7, 0x3c, 0xa2, 0x68, 0x8a, 0x09, 0xb3, 0x0e, 0x4e, 0x28, 0x26, 0x32, 0x44, 0x4c, 0xf4, + 0x3d, 0xc8, 0x84, 0x51, 0x10, 0x3c, 0x2d, 0xa7, 0x6b, 0xca, 0xa6, 0xb6, 0x75, 0xcf, 0x38, 0x47, + 0x9d, 0xd8, 0x87, 0x21, 0xf6, 0x61, 0xf4, 0xdc, 0x71, 0xe8, 0xe1, 0x2e, 0x0b, 0x69, 0xa9, 0xbf, + 0xbc, 0xa8, 0x2e, 0x98, 0x22, 0xbe, 0x3e, 0x86, 0x6c, 0xcb, 0x0b, 0x86, 0xcf, 0xda, 0x3b, 0x49, + 0x6d, 0xca, 0xb4, 0x36, 0xbd, 0x03, 0x05, 0x46, 0x3b, 0xb1, 0x46, 0x7c, 0x57, 0xbc, 0x08, 0x6d, + 0xeb, 0x96, 0x71, 0xf1, 0x49, 0x19, 0x73, 0x14, 0xc8, 0x85, 0x34, 0x9e, 0x40, 0x98, 0xea, 0xdf, + 0x66, 0x60, 0x51, 0x12, 0xb4, 0x0d, 0x59, 0x49, 0x21, 0x5f, 0x51, 0xdb, 0xda, 0x38, 0x9f, 0x35, + 0xe6, 0x78, 0x3b, 0xf0, 0x09, 0xf6, 0xc9, 0x84, 0xc8, 0x9c, 0x71, 0xa4, 0x7e, 0x1b, 0x72, 0xc3, + 0x11, 0x72, 0x7d, 0xcb, 0xb5, 0x79, 0x6d, 0xf9, 0x96, 0xf6, 0xf2, 0x45, 0x35, 0xbb, 0xcd, 0x6c, + 0xed, 0x1d, 0x33, 0xcb, 0x9d, 0x6d, 0x5b, 0xbf, 0x0e, 0x8b, 0x23, 0xec, 0x3a, 0x23, 0xca, 0x09, + 0x4b, 0x9b, 0x72, 0xa6, 0x7f, 0x04, 0x2a, 0x13, 0x49, 0x59, 0xe5, 0x15, 0x54, 0x0c, 0xa1, 0x20, + 0x23, 0x56, 0x90, 0xd1, 0x8f, 0x15, 0xd4, 0xca, 0xb1, 0x85, 0xbf, 0xf9, 0xbd, 0xaa, 0x98, 0x3c, + 0x42, 0xff, 0x0c, 0x8a, 0x1e, 0x22, 0xd4, 0x1a, 0x30, 0xf6, 0xd8, 0xf2, 0x19, 0x9e, 0xa2, 0x7a, + 0x19, 0x35, 0x92, 0xe5, 0xd6, 0x35, 0x96, 0xe7, 0xe5, 0x8b, 0xaa, 0xb6, 0x8f, 0x08, 0x95, 0x46, + 0x53, 0xf3, 0x92, 0x89, 0xad, 0x6f, 0x42, 0x89, 0x67, 0x1e, 0x06, 0xe3, 0xb1, 0x4b, 0x2d, 0x7e, + 0x26, 0x8b, 0xfc, 0x4c, 0x96, 0x98, 0x7d, 0x9b, 0x9b, 0x1f, 0xb1, 0xd3, 0x59, 0x83, 0xbc, 0x8d, + 0x28, 0x12, 0x90, 0x2c, 0x87, 0xe4, 0x98, 0x81, 0x3b, 0xab, 0xa0, 0x1d, 0x05, 0x14, 0x47, 0x44, + 0xb8, 0x73, 0xdc, 0x0d, 0xc2, 0xc4, 0x01, 0xef, 0xc2, 0xf2, 0x11, 0xf2, 0x5c, 0x1b, 0xd1, 0x20, + 0x06, 0xe5, 0xc5, 0x32, 0x53, 0x33, 0x07, 0xbe, 0x07, 0xab, 0x3e, 0x3e, 0xa6, 0xd6, 0xab, 0x68, + 0xe0, 0x68, 0x9d, 0xf9, 0x9e, 0xcc, 0x47, 0xdc, 0x82, 0xa5, 0x61, 0x7c, 0x64, 0x02, 0xab, 0x71, + 0x6c, 0x31, 0xb1, 0x72, 0xd8, 0xff, 0x21, 0x87, 0xc2, 0x50, 0x00, 0x0a, 0x1c, 0x90, 0x45, 0x61, + 0xc8, 0x5d, 0x77, 0x61, 0x85, 0x93, 0x10, 0x61, 0x32, 0xf1, 0xa8, 0x4c, 0x52, 0xe4, 0x98, 0x65, + 0xe6, 0x30, 0x85, 0x9d, 0x63, 0x37, 0xa0, 0x88, 0x8f, 0x5c, 0x1b, 0xfb, 0x43, 0x2c, 0x70, 0x4b, + 0x1c, 0x57, 0x88, 0x8d, 0x1c, 0x74, 0x07, 0x4a, 0x61, 0x14, 0x84, 0x01, 0xc1, 0x91, 0x85, 0x6c, + 0x3b, 0xc2, 0x84, 0x94, 0x97, 0x45, 0xbe, 0xd8, 0xde, 0x14, 0xe6, 0xfa, 0x7d, 0x50, 0x77, 0x10, + 0x45, 0x7a, 0x09, 0xd2, 0xf4, 0x98, 0x94, 0x95, 0x5a, 0x7a, 0xb3, 0x60, 0xb2, 0xe1, 0x85, 0xed, + 0xfb, 0x67, 0x0a, 0xd4, 0x27, 0x01, 0xc5, 0xfa, 0x03, 0x50, 0xd9, 0x51, 0x73, 0x35, 0x2f, 0x5d, + 0xde, 0x23, 0x3d, 0xd7, 0xf1, 0xb1, 0x7d, 0x40, 0x9c, 0xfe, 0x49, 0x88, 0x4d, 0x1e, 0x32, 0x23, + 0xcf, 0xd4, 0x9c, 0x3c, 0x57, 0x21, 0x13, 0x05, 0x13, 0xdf, 0x96, 0xaa, 0x15, 0x13, 0xfd, 0x31, + 0xe4, 0x12, 0xd5, 0xa9, 0x57, 0x53, 0xdd, 0xb2, 0x54, 0x5d, 0xdc, 0xec, 0x66, 0x76, 0x20, 0xd5, + 0xd6, 0x82, 0x7c, 0x72, 0x4d, 0x4a, 0x0d, 0x5f, 0xad, 0x0d, 0xa6, 0x61, 0xfa, 0x3d, 0x58, 0x49, + 0xb4, 0x91, 0x90, 0x2b, 0x24, 0x5b, 0x4a, 0x1c, 0x92, 0xdd, 0x39, 0xd9, 0x59, 0xe2, 0xc2, 0xcb, + 0xf2, 0xdd, 0x4d, 0x65, 0xd7, 0xe6, 0x37, 0xdf, 0x5b, 0x90, 0x27, 0xae, 0xe3, 0x23, 0x3a, 0x89, + 0xb0, 0x94, 0xef, 0xd4, 0x50, 0xff, 0x2d, 0x05, 0x8b, 0xa2, 0x15, 0x66, 0xd8, 0x53, 0x2e, 0x66, + 0x8f, 0x91, 0x9a, 0xb9, 0x88, 0xbd, 0xf4, 0xeb, 0xb2, 0xb7, 0x07, 0x90, 0x94, 0x44, 0xca, 0x6a, + 0x2d, 0xbd, 0xa9, 0x6d, 0xdd, 0xbc, 0x2c, 0x9d, 0x28, 0xb7, 0xe7, 0x3a, 0xf2, 0x16, 0x9b, 0x09, + 0x4d, 0x94, 0x95, 0x99, 0xb9, 0x7c, 0x9b, 0x90, 0x1f, 0xb8, 0xd4, 0x42, 0x51, 0x84, 0x4e, 0x38, + 0x9d, 0xda, 0xd6, 0x3b, 0xe7, 0x73, 0xb3, 0xd7, 0xcc, 0x60, 0xaf, 0x99, 0xd1, 0x72, 0x69, 0x93, + 0x61, 0xcd, 0xdc, 0x40, 0x8e, 0xf4, 0xf7, 0x61, 0x15, 0x39, 0x4e, 0x84, 0x1d, 0x44, 0xb1, 0x6d, + 0x4d, 0xe9, 0x14, 0xca, 0xbf, 0x36, 0xf5, 0xf5, 0x12, 0x62, 0xff, 0x50, 0x20, 0x9f, 0x54, 0xaa, + 0xef, 0x41, 0x31, 0x66, 0xcb, 0x7a, 0xea, 0x21, 0x47, 0xaa, 0x7b, 0xe3, 0x1f, 0x28, 0x7b, 0xe8, + 0x21, 0xc7, 0xd4, 0x24, 0x4b, 0x6c, 0x72, 0xb1, 0x46, 0x52, 0x97, 0x68, 0x64, 0x4e, 0x94, 0xe9, + 0x7f, 0x27, 0xca, 0x39, 0xf9, 0xa8, 0xaf, 0xca, 0xe7, 0xa7, 0x14, 0xe4, 0xba, 0xbc, 0xef, 0x91, + 0xf7, 0x9f, 0x77, 0x6e, 0xa2, 0xbd, 0x35, 0xc8, 0x87, 0x81, 0x67, 0x09, 0x8f, 0xca, 0x3d, 0xb9, + 0x30, 0xf0, 0xcc, 0x73, 0xc2, 0xcc, 0xbc, 0xd1, 0xb6, 0x5e, 0x7c, 0x03, 0x0c, 0x66, 0x5f, 0x65, + 0xf0, 0x2b, 0x28, 0x08, 0x42, 0xe4, 0x7b, 0xfe, 0x21, 0x63, 0x82, 0x7f, 0x24, 0x88, 0xe7, 0x7c, + 0xfd, 0xb2, 0xe2, 0x05, 0xde, 0x94, 0x68, 0x16, 0x27, 0x5e, 0x3a, 0xf9, 0x71, 0xb1, 0xfe, 0xf7, + 0xed, 0x63, 0x4a, 0x74, 0xfd, 0x57, 0x05, 0xf2, 0x7c, 0xdb, 0x07, 0x98, 0xa2, 0x39, 0xf2, 0x94, + 0xd7, 0x25, 0xef, 0x6d, 0x00, 0x91, 0x8c, 0xb8, 0xcf, 0xb1, 0x3c, 0xd8, 0x3c, 0xb7, 0xf4, 0xdc, + 0xe7, 0x58, 0xff, 0x38, 0xd9, 0x69, 0xfa, 0x2a, 0x3b, 0x95, 0xdd, 0x1e, 0xef, 0xf7, 0x06, 0x64, + 0xfd, 0xc9, 0xd8, 0x62, 0x2f, 0x8b, 0x2a, 0x24, 0xe3, 0x4f, 0xc6, 0xfd, 0x63, 0x72, 0xf7, 0x67, + 0x05, 0xb4, 0x99, 0xf6, 0xd1, 0x2b, 0x70, 0xbd, 0xb5, 0x7f, 0xb8, 0xfd, 0x78, 0xc7, 0x6a, 0xef, + 0x58, 0x0f, 0xf7, 0x9b, 0x7b, 0xd6, 0x27, 0x9d, 0xc7, 0x9d, 0xc3, 0x4f, 0x3b, 0xa5, 0x05, 0xbd, + 0x01, 0xab, 0xdc, 0x97, 0xb8, 0x9a, 0xad, 0xde, 0x6e, 0xa7, 0x5f, 0x52, 0x2a, 0xff, 0x3b, 0x3d, + 0xab, 0xad, 0xcc, 0xa4, 0x69, 0x0e, 0x08, 0xf6, 0xe9, 0xf9, 0x80, 0xed, 0xc3, 0x83, 0x83, 0x76, + 0xbf, 0x94, 0x3a, 0x17, 0x20, 0x2f, 0xd5, 0x3b, 0xb0, 0x32, 0x1f, 0xd0, 0x69, 0xef, 0x97, 0xd2, + 0x15, 0xfd, 0xf4, 0xac, 0xb6, 0x34, 0x83, 0xee, 0xb8, 0x5e, 0x25, 0xf7, 0xf5, 0x77, 0xeb, 0x0b, + 0x3f, 0x7e, 0xbf, 0xbe, 0x70, 0xf7, 0x07, 0x05, 0x8a, 0x73, 0x5d, 0xa2, 0xaf, 0xc1, 0x8d, 0x5e, + 0x7b, 0xaf, 0xb3, 0xbb, 0x63, 0x1d, 0xf4, 0xf6, 0xac, 0xfe, 0xe7, 0xdd, 0xdd, 0x99, 0x5d, 0xdc, + 0x84, 0x42, 0xd7, 0xdc, 0x7d, 0x72, 0xd8, 0xdf, 0xe5, 0x9e, 0x92, 0x52, 0x59, 0x3e, 0x3d, 0xab, + 0x69, 0xdd, 0x08, 0xb3, 0xcf, 0x14, 0x1e, 0x7f, 0x0b, 0x96, 0xba, 0xe6, 0xae, 0x28, 0x56, 0x80, + 0x52, 0x95, 0x95, 0xd3, 0xb3, 0x5a, 0xb1, 0x1b, 0x61, 0x21, 0x04, 0x0e, 0xdb, 0x80, 0x62, 0xd7, + 0x3c, 0xec, 0x1e, 0xf6, 0x9a, 0xfb, 0x02, 0x95, 0xae, 0x94, 0x4e, 0xcf, 0x6a, 0x85, 0xb8, 0xc5, + 0x19, 0x68, 0x5a, 0x67, 0xcb, 0xf8, 0xe2, 0xbe, 0xe3, 0xd2, 0xd1, 0x64, 0x60, 0x0c, 0x83, 0x71, + 0x63, 0x7a, 0x7a, 0xb3, 0xc3, 0x99, 0x5f, 0x29, 0x83, 0x45, 0x3e, 0xf9, 0xe0, 0xaf, 0x00, 0x00, + 0x00, 0xff, 0xff, 0x42, 0x13, 0xc4, 0x21, 0xbb, 0x0c, 0x00, 0x00, } diff --git a/proto/types/types.proto b/proto/types/types.proto index e4578e5c6..bf365ccff 100644 --- a/proto/types/types.proto +++ b/proto/types/types.proto @@ -110,6 +110,10 @@ message Commit { repeated CommitSig signatures = 4 [(gogoproto.nullable) = false]; bytes hash = 5; tendermint.proto.libs.bits.BitArray bit_array = 6; + + // Additional field that LINE Blockchain uses for aggregated signature. For protobuf, the tags in the 1 to 15 is + // packed into a single byte, so we use 15 to account for differential expansions imported from Tendermint. + bytes aggregated_signature = 15; } // CommitSig is a part of the Vote included in a Commit. diff --git a/rpc/client/rpc_test.go b/rpc/client/rpc_test.go index 0d67fcd4a..ecf2a5ca9 100644 --- a/rpc/client/rpc_test.go +++ b/rpc/client/rpc_test.go @@ -564,7 +564,6 @@ func deepcpVote(vote *types.Vote) (res *types.Vote) { Hash: make([]byte, len(vote.BlockID.Hash)), PartsHeader: vote.BlockID.PartsHeader, }, - Signature: make([]byte, len(vote.Signature)), } copy(res.ValidatorAddress, vote.ValidatorAddress) copy(res.BlockID.Hash, vote.BlockID.Hash) diff --git a/types/block.go b/types/block.go index 554acd022..1d6e00fd1 100644 --- a/types/block.go +++ b/types/block.go @@ -8,10 +8,11 @@ import ( "time" "github.com/pkg/errors" - "github.com/tendermint/tendermint/crypto/bls" - "github.com/tendermint/tendermint/crypto/ed25519" "github.com/tendermint/tendermint/crypto" + "github.com/tendermint/tendermint/crypto/bls" + "github.com/tendermint/tendermint/crypto/composite" + "github.com/tendermint/tendermint/crypto/ed25519" "github.com/tendermint/tendermint/crypto/merkle" "github.com/tendermint/tendermint/crypto/tmhash" "github.com/tendermint/tendermint/libs/bits" @@ -556,7 +557,9 @@ type CommitSig struct { BlockIDFlag BlockIDFlag `json:"block_id_flag"` ValidatorAddress Address `json:"validator_address"` Timestamp time.Time `json:"timestamp"` - Signature []byte `json:"signature"` + + // This can take a nil in case when the signature is being aggregated. + Signature []byte `json:"signature"` } const ( @@ -663,10 +666,8 @@ func (cs CommitSig) ValidateBasic() error { ) } // NOTE: Timestamp validation is subtle and handled elsewhere. - if len(cs.Signature) == 0 { - return errors.New("signature is missing") - } - if len(cs.Signature) > MaxSignatureSize { + // NOTE: Signature may be nil if it is aggregated and is handled elsewhere. + if cs.Signature != nil && len(cs.Signature) > MaxSignatureSize { return fmt.Errorf("signature is too big %d (max: %d)", len(cs.Signature), MaxSignatureSize) } } @@ -760,6 +761,9 @@ func (commit *Commit) MaxCommitBytes() int64 { // Panics if signatures from the commit can't be added to the voteset. // Inverse of VoteSet.MakeCommit(). func CommitToVoteSet(chainID string, commit *Commit, voters *VoterSet) *VoteSet { + if commit.AggregatedSignature != nil { + panic("Aggregated commit cannot make a VoteSet") + } voteSet := NewVoteSet(chainID, commit.Height, commit.Round, PrecommitType, voters) for idx, commitSig := range commit.Signatures { if commitSig.Absent() { @@ -773,6 +777,27 @@ func CommitToVoteSet(chainID string, commit *Commit, voters *VoterSet) *VoteSet return voteSet } +func (commit *Commit) AggregateSignatures() { + if commit.AggregatedSignature != nil { + panic("The commit is already aggregated") + } + var err error + for i := 0; i < len(commit.Signatures); i++ { + if !commit.Signatures[i].Absent() && len(commit.Signatures[i].Signature) == bls.SignatureSize { + if commit.AggregatedSignature == nil { + commit.AggregatedSignature = commit.Signatures[i].Signature + } else { + commit.AggregatedSignature, err = bls.AddSignature(commit.AggregatedSignature, + commit.Signatures[i].Signature) + if err != nil { + panic(fmt.Sprintf("fail to aggregate signature: %s\n", err)) + } + } + commit.Signatures[i].Signature = nil + } + } +} + // GetVote converts the CommitSig for the given valIdx to a Vote. // Returns nil if the precommit at valIdx is nil. // Panics if valIdx >= commit.Size(). @@ -869,10 +894,27 @@ func (commit *Commit) ValidateBasic() error { if len(commit.Signatures) == 0 { return errors.New("no signatures in commit") } + omittedSignatures := 0 for i, commitSig := range commit.Signatures { if err := commitSig.ValidateBasic(); err != nil { return fmt.Errorf("wrong CommitSig #%d: %v", i, err) } + if !commitSig.Absent() && commitSig.Signature == nil { + omittedSignatures++ + } + } + switch { + case commit.AggregatedSignature == nil: + if omittedSignatures > 0 { + return fmt.Errorf("%d erased signatures are present, but no aggregate signature exist in commit", + omittedSignatures) + } + case omittedSignatures == 0: + return fmt.Errorf("erased signatures are not present, but aggregated signature exist in commit: %x", + commit.AggregatedSignature) + case len(commit.AggregatedSignature) > MaxSignatureSize: + return fmt.Errorf("signature is too big %d (max: %d)", + len(commit.AggregatedSignature), MaxSignatureSize) } } @@ -885,10 +927,11 @@ func (commit *Commit) Hash() tmbytes.HexBytes { return nil } if commit.hash == nil { - bs := make([][]byte, len(commit.Signatures)) + bs := make([][]byte, len(commit.Signatures)+1) for i, commitSig := range commit.Signatures { bs[i] = cdcEncode(commitSig) } + bs[len(bs)-1] = commit.AggregatedSignature commit.hash = merkle.SimpleHashFromByteSlices(bs) } return commit.hash @@ -907,12 +950,14 @@ func (commit *Commit) StringIndented(indent string) string { %s Height: %d %s Round: %d %s BlockID: %v +%s AggregatedSignature: %X %s Signatures: %s %v %s}#%v`, indent, commit.Height, indent, commit.Round, indent, commit.BlockID, + indent, tmbytes.Fingerprint(commit.AggregatedSignature), indent, indent, strings.Join(commitSigStrings, "\n"+indent+" "), indent, commit.hash) @@ -934,6 +979,7 @@ func (commit *Commit) ToProto() *tmproto.Commit { c.Height = commit.Height c.Round = int32(commit.Round) c.BlockID = commit.BlockID.ToProto() + c.AggregatedSignature = commit.AggregatedSignature if commit.hash != nil { c.Hash = commit.hash } @@ -941,6 +987,39 @@ func (commit *Commit) ToProto() *tmproto.Commit { return c } +// VerifySignatures validates the signatures in this commit. +func (commit *Commit) VerifySignatures(chainID string, vals []*Validator) error { + blsPubKeys := make([]bls.PubKeyBLS12, 0, len(commit.Signatures)) + messages := make([][]byte, 0, len(commit.Signatures)) + for idx, commitSig := range commit.Signatures { + if commitSig.Absent() { + continue // OK, some signatures can be absent. + } + + // Validate signature. + if val := vals[idx]; val != nil { + voteSignBytes := commit.VoteSignBytes(chainID, idx) + if commitSig.Signature != nil { + if !val.PubKey.VerifyBytes(voteSignBytes, commitSig.Signature) { + return fmt.Errorf("wrong signature (#%d): %X", idx, commitSig.Signature) + } + } else { + blsPubKey := GetSignatureKey(val.PubKey) + if blsPubKey == nil { + return fmt.Errorf("signature %d has been omitted, even though it is not a BLS key", idx) + } + blsPubKeys = append(blsPubKeys, *blsPubKey) + messages = append(messages, voteSignBytes) + } + } + } + + if err := bls.VerifyAggregatedSignature(commit.AggregatedSignature, blsPubKeys, messages); err != nil { + return fmt.Errorf("wrong aggregated signature: %X; %s", commit.AggregatedSignature, err) + } + return nil +} + // FromProto sets a protobuf Commit to the given pointer. // It returns an error if the commit is invalid. func CommitFromProto(cp *tmproto.Commit) (*Commit, error) { @@ -971,6 +1050,7 @@ func CommitFromProto(cp *tmproto.Commit) (*Commit, error) { commit.Height = cp.Height commit.Round = int(cp.Round) commit.BlockID = *bi + commit.AggregatedSignature = cp.AggregatedSignature commit.hash = cp.Hash commit.bitArray = bitArray @@ -1246,3 +1326,19 @@ func BlockIDFromProto(bID *tmproto.BlockID) (*BlockID, error) { return blockID, blockID.ValidateBasic() } + +// GetSignatureKey is a utility function for referencing a specified public key as a BLS key for signature. +// If the key is not BLS, return nil +func GetSignatureKey(pubKey crypto.PubKey) *bls.PubKeyBLS12 { + for { + if compPubKey, ok := pubKey.(composite.PubKeyComposite); ok { + pubKey = compPubKey.SignKey + } else { + break + } + } + if blsPubKey, ok := pubKey.(bls.PubKeyBLS12); ok { + return &blsPubKey + } + return nil +} diff --git a/types/block_test.go b/types/block_test.go index 4ef30c1ad..adbb72184 100644 --- a/types/block_test.go +++ b/types/block_test.go @@ -5,6 +5,7 @@ import ( // number generator here and we can run the tests a bit faster "crypto/rand" "encoding/hex" + "fmt" "math" "os" "reflect" @@ -15,6 +16,8 @@ import ( "github.com/stretchr/testify/require" "github.com/tendermint/tendermint/crypto" "github.com/tendermint/tendermint/crypto/bls" + "github.com/tendermint/tendermint/crypto/composite" + "github.com/tendermint/tendermint/crypto/ed25519" "github.com/tendermint/tendermint/crypto/merkle" "github.com/tendermint/tendermint/crypto/tmhash" "github.com/tendermint/tendermint/libs/bits" @@ -211,6 +214,63 @@ func TestNilDataHashDoesntCrash(t *testing.T) { assert.Equal(t, []byte(new(Data).Hash()), nilBytes) } +func TestNewCommit(t *testing.T) { + blockID := BlockID{ + Hash: []byte{}, + PartsHeader: PartSetHeader{ + Total: 0, + Hash: []byte{}, + }, + } + privKeys := [...]crypto.PrivKey{ + bls.GenPrivKey(), + composite.GenPrivKey(), + ed25519.GenPrivKey(), + bls.GenPrivKey(), + } + msgs := make([][]byte, len(privKeys)) + signs := make([][]byte, len(privKeys)) + pubKeys := make([]crypto.PubKey, len(privKeys)) + commitSigs := make([]CommitSig, len(privKeys)) + for i := 0; i < len(privKeys); i++ { + msgs[i] = []byte(fmt.Sprintf("hello, world %d", i)) + signs[i], _ = privKeys[i].Sign(msgs[i]) + pubKeys[i] = privKeys[i].PubKey() + commitSigs[i] = NewCommitSigForBlock(signs[i], pubKeys[i].Address(), time.Now()) + assert.Equal(t, signs[i], commitSigs[i].Signature) + } + commit := NewCommit(0, 1, blockID, commitSigs) + + assert.Equal(t, int64(0), commit.Height) + assert.Equal(t, 1, commit.Round) + assert.Equal(t, blockID, commit.BlockID) + assert.Equal(t, len(commitSigs), len(commit.Signatures)) + assert.Nil(t, commit.AggregatedSignature) + assert.NotNil(t, commit.Signatures[0].Signature) + assert.NotNil(t, commit.Signatures[1].Signature) + assert.NotNil(t, commit.Signatures[2].Signature) + assert.NotNil(t, commit.Signatures[3].Signature) + assert.True(t, pubKeys[2].VerifyBytes(msgs[2], commit.Signatures[2].Signature)) + + blsPubKeys := []bls.PubKeyBLS12{ + *GetSignatureKey(pubKeys[0]), + *GetSignatureKey(pubKeys[1]), + *GetSignatureKey(pubKeys[3]), + } + blsSigMsgs := [][]byte{msgs[0], msgs[1], msgs[3]} + func() { + aggrSig, err := bls.AddSignature(nil, signs[0]) + assert.Nil(t, err) + aggrSig, err = bls.AddSignature(aggrSig, signs[1]) + assert.Nil(t, err) + aggrSig, err = bls.AddSignature(aggrSig, signs[3]) + assert.Nil(t, err) + err = bls.VerifyAggregatedSignature(aggrSig, blsPubKeys, blsSigMsgs) + assert.Nil(t, err) + assert.Nil(t, commit.AggregatedSignature) + }() +} + func TestCommit(t *testing.T) { lastID := makeBlockIDRandom() h := int64(3) @@ -229,7 +289,6 @@ func TestCommit(t *testing.T) { assert.Equal(t, bits.NewBitArray(10).Size(), commit.BitArray().Size()) assert.Equal(t, voteSet.GetByIndex(0), commit.GetByIndex(0)) - assert.True(t, commit.IsCommit()) } func TestCommitValidateBasic(t *testing.T) { @@ -253,6 +312,49 @@ func TestCommitValidateBasic(t *testing.T) { } } +func TestCommitHash(t *testing.T) { + t.Run("receiver is nil", func(t *testing.T) { + var commit *Commit = nil + assert.Nil(t, commit.Hash()) + }) + + t.Run("without any signatures", func(t *testing.T) { + commit := &Commit{ + hash: nil, + Signatures: nil, + AggregatedSignature: nil, + } + expected, _ := hex.DecodeString("6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D") + assert.Equal(t, expected, commit.Hash().Bytes()) + }) + + t.Run("with out without aggregated signature", func(t *testing.T) { + signature := []byte{0, 0, 0, 0} + address := []byte{0, 0, 0, 0} + tm := time.Unix(0, 0) + commit := &Commit{ + hash: nil, + Signatures: []CommitSig{ + NewCommitSigAbsent(), + NewCommitSigForBlock(signature, address, tm), + }, + AggregatedSignature: nil, + } + expected, _ := hex.DecodeString("82ac742aeeb4266d4e1f659985987c181c494ac17494750cda4dce61e38b0514") + assert.Equal(t, expected, commit.Hash().Bytes()) + + commit.hash = nil + commit.AggregatedSignature = []byte{0, 0, 0, 0} + expected, _ = hex.DecodeString("0b3875dd994c60a8781851e5533886f3000203fa2f9587b5c256666dc5fa89ef") + assert.Equal(t, expected, commit.Hash().Bytes()) + + commit.hash = nil + commit.AggregatedSignature = []byte{0, 1, 2, 3} + expected, _ = hex.DecodeString("f7d7318af02be9015b6440496844d06ec68684251c2378c41a2c2b4e2f5d76cb") + assert.Equal(t, expected, commit.Hash().Bytes()) + }) +} + func TestHeaderHash(t *testing.T) { testCases := []struct { desc string diff --git a/types/validator_set_test.go b/types/validator_set_test.go index 4e1b1ee11..649befa98 100644 --- a/types/validator_set_test.go +++ b/types/validator_set_test.go @@ -718,8 +718,13 @@ func TestValidatorSet_VerifyCommitLight_ReturnsAsSoonAsMajorityOfVotingPowerSign require.NoError(t, err) commit.Signatures[3] = vote.CommitSig() + // NOTE: Before BLS signature aggregation, in case that three of the four signatures are valid, the Commit itself + // is considered valid even if one of the remaining signatures has been tampered with or replaced, but after + // BLS signature aggregation, the verification fails unless all four signatures are valid, since all four + // signatures are verified at once. err = vset.VerifyCommitLight(chainID, blockID, h, commit) - assert.NoError(t, err) + assert.Error(t, err) + assert.Contains(t, err.Error(), "wrong signature (#3)") } func TestValidatorSet_VerifyCommitLightTrusting_ReturnsAsSoonAsTrustLevelOfVotingPowerSigned(t *testing.T) { @@ -739,8 +744,13 @@ func TestValidatorSet_VerifyCommitLightTrusting_ReturnsAsSoonAsTrustLevelOfVotin require.NoError(t, err) commit.Signatures[2] = vote.CommitSig() + // NOTE: Before BLS signature aggregation, in case that three of the four signatures are valid, the Commit itself + // is considered valid even if one of the remaining signatures has been tampered with or replaced, but after + // BLS signature aggregation, the verification fails unless all four signatures are valid, since all four + // signatures are verified at once. err = vset.VerifyCommitLightTrusting(chainID, blockID, h, commit, tmmath.Fraction{Numerator: 1, Denominator: 3}) - assert.NoError(t, err) + assert.Error(t, err) + assert.Contains(t, err.Error(), "wrong signature (#2)") } func TestEmptySet(t *testing.T) { diff --git a/types/vote_set_test.go b/types/vote_set_test.go index 0153f38d1..0f25dcdc3 100644 --- a/types/vote_set_test.go +++ b/types/vote_set_test.go @@ -2,8 +2,14 @@ package types import ( "bytes" + "fmt" + "sort" "testing" + "github.com/tendermint/tendermint/crypto/bls" + "github.com/tendermint/tendermint/crypto/composite" + "github.com/tendermint/tendermint/crypto/ed25519" + "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -24,6 +30,31 @@ func randVoteSet( return NewVoteSet("test_chain_id", height, round, signedMsgType, voterSet), valSet, voterSet, privValidators } +func randVoteSetForPrivKeys( + height int64, + round int, + signedMsgType SignedMsgType, + privKeys []crypto.PrivKey, + votingPower int64, +) (*VoteSet, *ValidatorSet, *VoterSet, []PrivValidator) { + valz := make([]*Validator, len(privKeys)) + privValidators := make([]PrivValidator, len(privKeys)) + for i := 0; i < len(privKeys); i++ { + privVal := MockPV{privKeys[i], false, false} + pubKey, err := privVal.GetPubKey() + if err != nil { + panic(fmt.Errorf("could not retrieve pubkey %w", err)) + } + val := NewValidator(pubKey, votingPower) + valz[i] = val + privValidators[i] = privVal + } + vals := NewValidatorSet(valz) + sort.Sort(PrivValidatorsByAddress(privValidators)) + voterSet := SelectVoter(vals, []byte{}, DefaultVoterParams()) + return NewVoteSet("test_chain_id", height, round, signedMsgType, voterSet), vals, voterSet, privValidators +} + // Convenience: Return new vote with different validator address/index func withValidator(vote *Vote, addr []byte, idx int) *Vote { vote = vote.Copy() @@ -594,4 +625,51 @@ func TestMakeCommit(t *testing.T) { if err := commit.ValidateBasic(); err != nil { t.Errorf("error in Commit.ValidateBasic(): %v", err) } + + // Signature aggregation + t.Run("SignatureAggregation", func(t *testing.T) { + privKeys := [...]crypto.PrivKey{ + bls.GenPrivKey(), + composite.GenPrivKey(), + ed25519.GenPrivKey(), + bls.GenPrivKey(), + } + voteSet, _, _, privValidators := randVoteSetForPrivKeys(height, round, PrecommitType, privKeys[:], 1) + for i := range privKeys { + pubKey, err := privValidators[i].GetPubKey() + if err != nil { + t.Fatal(err) + } + addr := pubKey.Address() + vote := withValidator(voteProto, addr, i) + fmt.Printf("*** %v - %v\n", vote.ValidatorAddress, addr) + if _, err := signAddVote(privValidators[i], vote, voteSet); err != nil { + t.Error(err) + } + } + + commit := voteSet.MakeCommit() + commit.AggregateSignatures() + + assert.Equal(t, height, commit.Height) + assert.Equal(t, round, commit.Round) + assert.NotNil(t, commit.AggregatedSignature) + // The order of commit.Signatures is sorted by address. + for i := range commit.Signatures { + idx := 0 + for { + if bytes.Equal(privKeys[idx].PubKey().Address(), commit.Signatures[i].ValidatorAddress) { + break + } + idx++ + } + if _, ok := privKeys[idx].(ed25519.PrivKeyEd25519); ok { + assert.NotNil(t, commit.Signatures[i].Signature) + } else if _, ok := privKeys[idx].(bls.PrivKeyBLS12); ok { + assert.Nil(t, commit.Signatures[i].Signature) + } else if _, ok := privKeys[idx].(composite.PrivKeyComposite); ok { + assert.Nil(t, commit.Signatures[i].Signature) + } + } + }) } diff --git a/types/voter_set.go b/types/voter_set.go index da8f7d1fc..3672e30c8 100644 --- a/types/voter_set.go +++ b/types/voter_set.go @@ -8,14 +8,13 @@ import ( "sort" "strings" - tmproto "github.com/tendermint/tendermint/proto/types" - "github.com/pkg/errors" "github.com/tendermint/tendermint/crypto/merkle" "github.com/tendermint/tendermint/crypto/tmhash" tmmath "github.com/tendermint/tendermint/libs/math" tmrand "github.com/tendermint/tendermint/libs/rand" + tmproto "github.com/tendermint/tendermint/proto/types" ) // VoterSet represent a set of *Validator at a given height. @@ -155,11 +154,6 @@ func (voters *VoterSet) VerifyCommit(chainID string, blockID BlockID, // This means we don't need the validator address or to do any lookup. val := voters.Voters[idx] - // Validate signature. - voteSignBytes := commit.VoteSignBytes(chainID, idx) - if !val.PubKey.VerifyBytes(voteSignBytes, commitSig.Signature) { - return fmt.Errorf("wrong signature (#%d): %X", idx, commitSig.Signature) - } // Good! if blockID.Equals(commitSig.BlockID(commit.BlockID)) { talliedVotingPower += val.VotingPower @@ -170,6 +164,11 @@ func (voters *VoterSet) VerifyCommit(chainID string, blockID BlockID, // } } + // Validate signature. + if err := commit.VerifySignatures(chainID, voters.Voters); err != nil { + return err + } + if got, needed := talliedVotingPower, votingPowerNeeded; got <= needed { return ErrNotEnoughVotingPowerSigned{Got: got, Needed: needed} } @@ -213,16 +212,14 @@ func (voters *VoterSet) VerifyCommitLight(chainID string, blockID BlockID, // This means we don't need the validator address or to do any lookup. val := voters.Voters[idx] - // Validate signature. - voteSignBytes := commit.VoteSignBytes(chainID, idx) - if !val.PubKey.VerifyBytes(voteSignBytes, commitSig.Signature) { - return fmt.Errorf("wrong signature (#%d): %X", idx, commitSig.Signature) - } - talliedVotingPower += val.VotingPower // return as soon as +2/3 of the signatures are verified if talliedVotingPower > votingPowerNeeded { + // Validate signature. + if err := commit.VerifySignatures(chainID, voters.Voters); err != nil { + return err + } return nil } } @@ -273,23 +270,20 @@ func (voters *VoterSet) VerifyFutureCommit(newSet *VoterSet, chainID string, oldVotingPower := int64(0) seen := map[int]bool{} - for idx, commitSig := range commit.Signatures { + vals := make([]*Validator, 0, len(commit.Signatures)) + for _, commitSig := range commit.Signatures { if commitSig.Absent() { continue // OK, some signatures can be absent. } // See if this validator is in oldVals. oldIdx, val := oldVoters.GetByAddress(commitSig.ValidatorAddress) + vals = append(vals, val) if val == nil || seen[oldIdx] { continue // missing or double vote... } seen[oldIdx] = true - // Validate signature. - voteSignBytes := commit.VoteSignBytes(chainID, idx) - if !val.PubKey.VerifyBytes(voteSignBytes, commitSig.Signature) { - return errors.Errorf("wrong signature (#%d): %X", idx, commitSig.Signature) - } // Good! if blockID.Equals(commitSig.BlockID(commit.BlockID)) { oldVotingPower += val.VotingPower @@ -300,6 +294,11 @@ func (voters *VoterSet) VerifyFutureCommit(newSet *VoterSet, chainID string, // } } + // Validate signature. + if err := commit.VerifySignatures(chainID, vals); err != nil { + return err + } + if got, needed := oldVotingPower, oldVoters.TotalVotingPower()*2/3; got <= needed { return ErrNotEnoughVotingPowerSigned{Got: got, Needed: needed} } @@ -333,6 +332,7 @@ func (voters *VoterSet) VerifyCommitTrusting(chainID string, blockID BlockID, } votingPowerNeeded := totalVotingPowerMulByNumerator / trustLevel.Denominator + vals := make([]*Validator, 0, len(commit.Signatures)) for idx, commitSig := range commit.Signatures { if commitSig.Absent() { continue // OK, some signatures can be absent. @@ -341,6 +341,7 @@ func (voters *VoterSet) VerifyCommitTrusting(chainID string, blockID BlockID, // We don't know the validators that committed this block, so we have to // check for each vote if its validator is already known. valIdx, val := voters.GetByAddress(commitSig.ValidatorAddress) + vals = append(vals, val) if firstIndex, ok := seenVals[valIdx]; ok { // double vote secondIndex := idx @@ -350,12 +351,6 @@ func (voters *VoterSet) VerifyCommitTrusting(chainID string, blockID BlockID, if val != nil { seenVals[valIdx] = idx - // Validate signature. - voteSignBytes := commit.VoteSignBytes(chainID, idx) - if !val.PubKey.VerifyBytes(voteSignBytes, commitSig.Signature) { - return errors.Errorf("wrong signature (#%d): %X", idx, commitSig.Signature) - } - // Good! if blockID.Equals(commitSig.BlockID(commit.BlockID)) { talliedVotingPower += val.VotingPower @@ -371,6 +366,11 @@ func (voters *VoterSet) VerifyCommitTrusting(chainID string, blockID BlockID, } } + // Validate signature. + if err := commit.VerifySignatures(chainID, vals); err != nil { + return err + } + return ErrNotEnoughVotingPowerSigned{Got: talliedVotingPower, Needed: votingPowerNeeded} } @@ -427,15 +427,18 @@ func (voters *VoterSet) VerifyCommitLightTrusting(chainID string, blockID BlockI } seenVals[valIdx] = idx - // Validate signature. - voteSignBytes := commit.VoteSignBytes(chainID, idx) - if !val.PubKey.VerifyBytes(voteSignBytes, commitSig.Signature) { - return errors.Errorf("wrong signature (#%d): %X", idx, commitSig.Signature) - } - talliedVotingPower += val.VotingPower if talliedVotingPower > votingPowerNeeded { + // Validate signature. + vals := make([]*Validator, 0, len(commit.Signatures)) + for _, cs := range commit.Signatures { + _, val := voters.GetByAddress(cs.ValidatorAddress) + vals = append(vals, val) + } + if err := commit.VerifySignatures(chainID, vals); err != nil { + return err + } return nil } } diff --git a/types/voter_set_test.go b/types/voter_set_test.go index 9c584a542..a7e433a45 100644 --- a/types/voter_set_test.go +++ b/types/voter_set_test.go @@ -4,15 +4,13 @@ import ( "bytes" "math" "math/big" + "sort" "strconv" "strings" "testing" "time" - "sort" - "github.com/tendermint/tendermint/crypto" - "github.com/tendermint/tendermint/crypto/merkle" "github.com/tendermint/tendermint/libs/rand" tmtime "github.com/tendermint/tendermint/types/time" @@ -357,9 +355,10 @@ func TestElectVotersNonDupByzantineTolerable(t *testing.T) { rand.Seed(seed) t.Logf("used seed=%d", seed) validatorSet := newValidatorSet(100, func(i int) int64 { return int64(rand.Uint32()%10000 + 100) }) - tolerableByzantinePercentage := int(rand.Uint() % 33) - tolerableByzantinePower := getTolerableByzantinePower(validatorSet.TotalStakingPower(), - tolerableByzantinePercentage) + // this test has no mean if all validators are elected as voters. + // So limit the maximum to 15% not to elect all validators as voters + tolerableByzantinePercentage := int(rand.Uint() % 15) + tolerableByzantinePower := getTolerableByzantinePower(validatorSet.TotalStakingPower(), tolerableByzantinePercentage) voters := electVotersNonDup(validatorSet.Validators, rand.Uint64(), tolerableByzantinePercentage, int(rand.Uint()%100)) totalVoting := int64(0) for _, v := range voters {