Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Genesis is signed with correct key #4253

Closed
mversic opened this issue Feb 5, 2024 · 1 comment · Fixed by #4413
Closed

Genesis is signed with correct key #4253

mversic opened this issue Feb 5, 2024 · 1 comment · Fixed by #4413
Assignees
@Erigara @timofeevmd
Labels
iroha2-dev The re-implementation of a BFT hyperledger in RUST QA-confirmed This bug is reproduced and needs a fix Security This issue asks for improved security

Comments

@mversic
Copy link
Contributor

mversic commented Feb 5, 2024

When genesis is received via listen for genesis via sumeragi_listen_for_genesis(BlockCreated/BlockSyncUpdate) it is not verified that genesis is signed with IROHA_GENESIS_PUBLIC_KEY. Not even leader that creates the genesis block verifies that genesis is signed with correct key in sumeragi_init_commit_genesis
@mversic mversic added iroha2-dev The re-implementation of a BFT hyperledger in RUST Security This issue asks for improved security labels Feb 5, 2024
@timofeevmd
Copy link
Contributor

flow to reproduce
use one genesis_private_key with the peer submitting a genesis block and give a different genesis_public_key to other peers

just use different key pairs on different nodes for genesis account

docker-compose.yml.zip

image.png

@Erigara Erigara self-assigned this Apr 5, 2024
Erigara added a commit to Erigara/iroha that referenced this issue Apr 10, 2024
@Erigara
[fix] hyperledger-iroha#4253: Check genesis pub key in genesis round
8f5de34 
Signed-off-by: Shanin Roman <shanin1000@yandex.ru>
@Erigara Erigara mentioned this issue Apr 10, 2024
Merged
Erigara added a commit to Erigara/iroha that referenced this issue Apr 15, 2024
@Erigara
[fix] hyperledger-iroha#4253: Check genesis pub key in genesis round
9a3dcf4 
Signed-off-by: Shanin Roman <shanin1000@yandex.ru>
Erigara added a commit to Erigara/iroha that referenced this issue Apr 15, 2024
@Erigara
[fix] hyperledger-iroha#4253: Check genesis pub key in genesis round
c93ab71 
Signed-off-by: Shanin Roman <shanin1000@yandex.ru>
Erigara added a commit to Erigara/iroha that referenced this issue Apr 16, 2024
@Erigara
[fix] hyperledger-iroha#4253: Check genesis pub key in genesis round
0635cea 
Signed-off-by: Shanin Roman <shanin1000@yandex.ru>
mversic pushed a commit to Erigara/iroha that referenced this issue Apr 16, 2024
@Erigara @mversic
[fix] hyperledger-iroha#4253: Check genesis pub key in genesis round
ec48a15 
Signed-off-by: Shanin Roman <shanin1000@yandex.ru>
mversic pushed a commit to Erigara/iroha that referenced this issue Apr 16, 2024
@Erigara @mversic
[fix] hyperledger-iroha#4253: Check genesis pub key in genesis round
7d61a05 
Signed-off-by: Shanin Roman <shanin1000@yandex.ru>
Erigara added a commit to Erigara/iroha that referenced this issue Apr 17, 2024
@Erigara
[fix] hyperledger-iroha#4253: Check genesis pub key in genesis round
6acfd5a 
Signed-off-by: Shanin Roman <shanin1000@yandex.ru>
Erigara added a commit to Erigara/iroha that referenced this issue Apr 17, 2024
@Erigara
[fix] hyperledger-iroha#4253: Check genesis pub key in genesis round
9fd4943 
Signed-off-by: Shanin Roman <shanin1000@yandex.ru>
Erigara added a commit that referenced this issue Apr 17, 2024
@Erigara
[fix] #4253: Check genesis pub key in genesis round
2cece35 
Signed-off-by: Shanin Roman <shanin1000@yandex.ru>
@Erigara Erigara reopened this Apr 17, 2024
@timofeevmd timofeevmd self-assigned this Apr 22, 2024
@timofeevmd timofeevmd added the QA-confirmed This bug is reproduced and needs a fix label Apr 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Erigara Erigara

@timofeevmd timofeevmd

Labels
iroha2-dev The re-implementation of a BFT hyperledger in RUST QA-confirmed This bug is reproduced and needs a fix Security This issue asks for improved security
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[fix] #4253: Check genesis pub key in genesis round Erigara/iroha
3 participants
@Erigara @mversic @timofeevmd