Merge pull request #1320 from filecoin-project/feat/fix-signature-verification

Fix signature verification in adapters
This commit is contained in:
Whyrusleeping 2020-03-03 16:01:05 -08:00 committed by GitHub
commit 8f1bf7a0ed
5 changed files with 62 additions and 25 deletions

2
go.mod
View File

@ -18,7 +18,7 @@ require (
github.com/filecoin-project/go-crypto v0.0.0-20191218222705-effae4ea9f03 github.com/filecoin-project/go-crypto v0.0.0-20191218222705-effae4ea9f03
github.com/filecoin-project/go-data-transfer v0.0.0-20191219005021-4accf56bd2ce github.com/filecoin-project/go-data-transfer v0.0.0-20191219005021-4accf56bd2ce
github.com/filecoin-project/go-fil-commcid v0.0.0-20200208005934-2b8bd03caca5 github.com/filecoin-project/go-fil-commcid v0.0.0-20200208005934-2b8bd03caca5
github.com/filecoin-project/go-fil-markets v0.0.0-20200229032800-36a9b170996a github.com/filecoin-project/go-fil-markets v0.0.0-20200303015849-1159079679ca
github.com/filecoin-project/go-padreader v0.0.0-20200210211231-548257017ca6 github.com/filecoin-project/go-padreader v0.0.0-20200210211231-548257017ca6
github.com/filecoin-project/go-paramfetch v0.0.2-0.20200218225740-47c639bab663 github.com/filecoin-project/go-paramfetch v0.0.2-0.20200218225740-47c639bab663
github.com/filecoin-project/go-sectorbuilder v0.0.2-0.20200228181617-f00e2c4cc050 github.com/filecoin-project/go-sectorbuilder v0.0.2-0.20200228181617-f00e2c4cc050

6
go.sum
View File

@ -112,8 +112,8 @@ github.com/filecoin-project/go-data-transfer v0.0.0-20191219005021-4accf56bd2ce
github.com/filecoin-project/go-data-transfer v0.0.0-20191219005021-4accf56bd2ce/go.mod h1:b14UWxhxVCAjrQUYvVGrQRRsjAh79wXYejw9RbUcAww= github.com/filecoin-project/go-data-transfer v0.0.0-20191219005021-4accf56bd2ce/go.mod h1:b14UWxhxVCAjrQUYvVGrQRRsjAh79wXYejw9RbUcAww=
github.com/filecoin-project/go-fil-commcid v0.0.0-20200208005934-2b8bd03caca5 h1:yvQJCW9mmi9zy+51xA01Ea2X7/dL7r8eKDPuGUjRmbo= github.com/filecoin-project/go-fil-commcid v0.0.0-20200208005934-2b8bd03caca5 h1:yvQJCW9mmi9zy+51xA01Ea2X7/dL7r8eKDPuGUjRmbo=
github.com/filecoin-project/go-fil-commcid v0.0.0-20200208005934-2b8bd03caca5/go.mod h1:JbkIgFF/Z9BDlvrJO1FuKkaWsH673/UdFaiVS6uIHlA= github.com/filecoin-project/go-fil-commcid v0.0.0-20200208005934-2b8bd03caca5/go.mod h1:JbkIgFF/Z9BDlvrJO1FuKkaWsH673/UdFaiVS6uIHlA=
github.com/filecoin-project/go-fil-markets v0.0.0-20200229032800-36a9b170996a h1:8Mgw8AxjfWF4dGxnRtGLss0wZYXI3mYnHUhIdvfQqOQ= github.com/filecoin-project/go-fil-markets v0.0.0-20200303015849-1159079679ca h1:EccB/LgjrA6EVSpaVDfQyWe1DS3c0x1DcASBQ8beUdg=
github.com/filecoin-project/go-fil-markets v0.0.0-20200229032800-36a9b170996a/go.mod h1:rfRwhd3ujcCXnD4N9oEM2wjh8GRZGoeNXME+UPG/9ts= github.com/filecoin-project/go-fil-markets v0.0.0-20200303015849-1159079679ca/go.mod h1:rfRwhd3ujcCXnD4N9oEM2wjh8GRZGoeNXME+UPG/9ts=
github.com/filecoin-project/go-padreader v0.0.0-20200210211231-548257017ca6 h1:92PET+sx1Hb4W/8CgFwGuxaKbttwY+UNspYZTvXY0vs= github.com/filecoin-project/go-padreader v0.0.0-20200210211231-548257017ca6 h1:92PET+sx1Hb4W/8CgFwGuxaKbttwY+UNspYZTvXY0vs=
github.com/filecoin-project/go-padreader v0.0.0-20200210211231-548257017ca6/go.mod h1:0HgYnrkeSU4lu1p+LEOeDpFsNBssa0OGGriWdA4hvaE= github.com/filecoin-project/go-padreader v0.0.0-20200210211231-548257017ca6/go.mod h1:0HgYnrkeSU4lu1p+LEOeDpFsNBssa0OGGriWdA4hvaE=
github.com/filecoin-project/go-paramfetch v0.0.2-0.20200218225740-47c639bab663 h1:eYxi6vI5CyeXD15X1bB3bledDXbqKxqf0wQzTLgwYwA= github.com/filecoin-project/go-paramfetch v0.0.2-0.20200218225740-47c639bab663 h1:eYxi6vI5CyeXD15X1bB3bledDXbqKxqf0wQzTLgwYwA=
@ -128,8 +128,6 @@ github.com/filecoin-project/go-statestore v0.1.0 h1:t56reH59843TwXHkMcwyuayStBIi
github.com/filecoin-project/go-statestore v0.1.0/go.mod h1:LFc9hD+fRxPqiHiaqUEZOinUJB4WARkRfNl10O7kTnI= github.com/filecoin-project/go-statestore v0.1.0/go.mod h1:LFc9hD+fRxPqiHiaqUEZOinUJB4WARkRfNl10O7kTnI=
github.com/filecoin-project/specs-actors v0.0.0-20200210130641-2d1fbd8672cf/go.mod h1:xtDZUB6pe4Pksa/bAJbJ693OilaC5Wbot9jMhLm3cZA= github.com/filecoin-project/specs-actors v0.0.0-20200210130641-2d1fbd8672cf/go.mod h1:xtDZUB6pe4Pksa/bAJbJ693OilaC5Wbot9jMhLm3cZA=
github.com/filecoin-project/specs-actors v0.0.0-20200226200336-94c9b92b2775/go.mod h1:0HAWYrvajFHDgRaKbF0rl+IybVLZL5z4gQ8koCMPhoU= github.com/filecoin-project/specs-actors v0.0.0-20200226200336-94c9b92b2775/go.mod h1:0HAWYrvajFHDgRaKbF0rl+IybVLZL5z4gQ8koCMPhoU=
github.com/filecoin-project/specs-actors v0.0.0-20200229011003-1d726e3afd04 h1:O343OeQLkLWLj5ZqQ5nhevAGBTeB5LioiA53ddScqdY=
github.com/filecoin-project/specs-actors v0.0.0-20200229011003-1d726e3afd04/go.mod h1:0HAWYrvajFHDgRaKbF0rl+IybVLZL5z4gQ8koCMPhoU=
github.com/filecoin-project/specs-actors v0.0.0-20200302011114-7d19171ad051 h1:DX/fGDuARZwasW9ka9k1eK510bjHm/pfxY6JDjAxP1I= github.com/filecoin-project/specs-actors v0.0.0-20200302011114-7d19171ad051 h1:DX/fGDuARZwasW9ka9k1eK510bjHm/pfxY6JDjAxP1I=
github.com/filecoin-project/specs-actors v0.0.0-20200302011114-7d19171ad051/go.mod h1:0HAWYrvajFHDgRaKbF0rl+IybVLZL5z4gQ8koCMPhoU= github.com/filecoin-project/specs-actors v0.0.0-20200302011114-7d19171ad051/go.mod h1:0HAWYrvajFHDgRaKbF0rl+IybVLZL5z4gQ8koCMPhoU=
github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=

View File

@ -23,6 +23,7 @@ import (
"github.com/filecoin-project/lotus/chain/stmgr" "github.com/filecoin-project/lotus/chain/stmgr"
"github.com/filecoin-project/lotus/chain/store" "github.com/filecoin-project/lotus/chain/store"
"github.com/filecoin-project/lotus/chain/types" "github.com/filecoin-project/lotus/chain/types"
"github.com/filecoin-project/lotus/lib/sigs"
"github.com/filecoin-project/lotus/markets/utils" "github.com/filecoin-project/lotus/markets/utils"
"github.com/filecoin-project/lotus/node/impl/full" "github.com/filecoin-project/lotus/node/impl/full"
) )
@ -92,8 +93,8 @@ func (n *ClientNodeAdapter) ListStorageProviders(ctx context.Context) ([]*storag
} }
func (n *ClientNodeAdapter) VerifySignature(sig crypto.Signature, addr address.Address, input []byte) bool { func (n *ClientNodeAdapter) VerifySignature(sig crypto.Signature, addr address.Address, input []byte) bool {
log.Warn("stub VerifySignature") err := sigs.Verify(&sig, addr, input)
return true return err == nil
} }
func (n *ClientNodeAdapter) ListClientDeals(ctx context.Context, addr address.Address) ([]storagemarket.StorageDeal, error) { func (n *ClientNodeAdapter) ListClientDeals(ctx context.Context, addr address.Address) ([]storagemarket.StorageDeal, error) {
@ -328,13 +329,19 @@ func (c *ClientNodeAdapter) OnDealSectorCommitted(ctx context.Context, provider
func (n *ClientNodeAdapter) SignProposal(ctx context.Context, signer address.Address, proposal samarket.DealProposal) (*samarket.ClientDealProposal, error) { func (n *ClientNodeAdapter) SignProposal(ctx context.Context, signer address.Address, proposal samarket.DealProposal) (*samarket.ClientDealProposal, error) {
// TODO: output spec signed proposal // TODO: output spec signed proposal
log.Warn("TODO: stub SignProposal") buf, err := cborutil.Dump(&proposal)
if err != nil {
return nil, err
}
sig, err := n.Wallet.Sign(ctx, signer, buf)
if err != nil {
return nil, err
}
return &samarket.ClientDealProposal{ return &samarket.ClientDealProposal{
Proposal: proposal, Proposal: proposal,
ClientSignature: crypto.Signature{ ClientSignature: *sig,
Type: crypto.SigTypeBLS,
Data: []byte{},
},
}, nil }, nil
} }
@ -356,9 +363,8 @@ func (n *ClientNodeAdapter) ValidateAskSignature(ask *storagemarket.SignedStorag
return xerrors.Errorf("failed to re-serialize ask") return xerrors.Errorf("failed to re-serialize ask")
} }
_ = w return sigs.Verify(ask.Signature, w, sigb)
_ = sigb
panic("verify signature")
} }
var _ storagemarket.StorageClientNode = &ClientNodeAdapter{} var _ storagemarket.StorageClientNode = &ClientNodeAdapter{}

View File

@ -13,7 +13,7 @@ import (
"github.com/filecoin-project/specs-actors/actors/builtin/miner" "github.com/filecoin-project/specs-actors/actors/builtin/miner"
"github.com/filecoin-project/specs-actors/actors/crypto" "github.com/filecoin-project/specs-actors/actors/crypto"
"github.com/ipfs/go-cid" "github.com/ipfs/go-cid"
logging "github.com/ipfs/go-log" logging "github.com/ipfs/go-log/v2"
"golang.org/x/xerrors" "golang.org/x/xerrors"
"github.com/filecoin-project/go-address" "github.com/filecoin-project/go-address"
@ -23,6 +23,7 @@ import (
"github.com/filecoin-project/lotus/chain/actors" "github.com/filecoin-project/lotus/chain/actors"
"github.com/filecoin-project/lotus/chain/events" "github.com/filecoin-project/lotus/chain/events"
"github.com/filecoin-project/lotus/chain/types" "github.com/filecoin-project/lotus/chain/types"
"github.com/filecoin-project/lotus/lib/sigs"
"github.com/filecoin-project/lotus/markets/utils" "github.com/filecoin-project/lotus/markets/utils"
"github.com/filecoin-project/lotus/node/modules/dtypes" "github.com/filecoin-project/lotus/node/modules/dtypes"
"github.com/filecoin-project/lotus/storage/sealing" "github.com/filecoin-project/lotus/storage/sealing"
@ -109,8 +110,8 @@ func (n *ProviderNodeAdapter) OnDealComplete(ctx context.Context, deal storagema
} }
func (n *ProviderNodeAdapter) VerifySignature(sig crypto.Signature, addr address.Address, input []byte) bool { func (n *ProviderNodeAdapter) VerifySignature(sig crypto.Signature, addr address.Address, input []byte) bool {
log.Warn("stub VerifySignature") err := sigs.Verify(&sig, addr, input)
return true return err == nil
} }
func (n *ProviderNodeAdapter) ListProviderDeals(ctx context.Context, addr address.Address) ([]storagemarket.StorageDeal, error) { func (n *ProviderNodeAdapter) ListProviderDeals(ctx context.Context, addr address.Address) ([]storagemarket.StorageDeal, error) {

View File

@ -8,6 +8,7 @@ import (
cborutil "github.com/filecoin-project/go-cbor-util" cborutil "github.com/filecoin-project/go-cbor-util"
"github.com/filecoin-project/specs-actors/actors/builtin" "github.com/filecoin-project/specs-actors/actors/builtin"
"github.com/filecoin-project/specs-actors/actors/builtin/account"
"github.com/filecoin-project/specs-actors/actors/builtin/paych" "github.com/filecoin-project/specs-actors/actors/builtin/paych"
"golang.org/x/xerrors" "golang.org/x/xerrors"
@ -69,6 +70,18 @@ func (pm *Manager) TrackInboundChannel(ctx context.Context, ch address.Address)
return err return err
} }
var account account.State
_, err = pm.sm.LoadActorState(ctx, st.From, &account, nil)
if err != nil {
return err
}
from := account.Address
_, err = pm.sm.LoadActorState(ctx, st.From, &account, nil)
if err != nil {
return err
}
to := account.Address
maxLane, err := maxLaneFromState(st) maxLane, err := maxLaneFromState(st)
if err != nil { if err != nil {
return err return err
@ -76,8 +89,8 @@ func (pm *Manager) TrackInboundChannel(ctx context.Context, ch address.Address)
return pm.store.TrackChannel(&ChannelInfo{ return pm.store.TrackChannel(&ChannelInfo{
Channel: ch, Channel: ch,
Control: st.To, Control: to,
Target: st.From, Target: from,
Direction: DirInbound, Direction: DirInbound,
NextLane: maxLane + 1, NextLane: maxLane + 1,
@ -95,10 +108,22 @@ func (pm *Manager) loadOutboundChannelInfo(ctx context.Context, ch address.Addre
return nil, err return nil, err
} }
var account account.State
_, err = pm.sm.LoadActorState(ctx, st.From, &account, nil)
if err != nil {
return nil, err
}
from := account.Address
_, err = pm.sm.LoadActorState(ctx, st.From, &account, nil)
if err != nil {
return nil, err
}
to := account.Address
return &ChannelInfo{ return &ChannelInfo{
Channel: ch, Channel: ch,
Control: st.From, Control: from,
Target: st.To, Target: to,
Direction: DirOutbound, Direction: DirOutbound,
NextLane: maxLane + 1, NextLane: maxLane + 1,
@ -129,6 +154,13 @@ func (pm *Manager) CheckVoucherValid(ctx context.Context, ch address.Address, sv
return err return err
} }
var account account.State
_, err = pm.sm.LoadActorState(ctx, pca.From, &account, nil)
if err != nil {
return err
}
from := account.Address
// verify signature // verify signature
vb, err := sv.SigningBytes() vb, err := sv.SigningBytes()
if err != nil { if err != nil {
@ -138,7 +170,7 @@ func (pm *Manager) CheckVoucherValid(ctx context.Context, ch address.Address, sv
// TODO: technically, either party may create and sign a voucher. // TODO: technically, either party may create and sign a voucher.
// However, for now, we only accept them from the channel creator. // However, for now, we only accept them from the channel creator.
// More complex handling logic can be added later // More complex handling logic can be added later
if err := sigs.Verify(sv.Signature, pca.From, vb); err != nil { if err := sigs.Verify(sv.Signature, from, vb); err != nil {
return err return err
} }
@ -258,7 +290,7 @@ func (pm *Manager) AddVoucher(ctx context.Context, ch address.Address, sv *paych
// look for duplicates // look for duplicates
for i, v := range ci.Vouchers { for i, v := range ci.Vouchers {
eq, err := cborutil.Equals(sv, v) eq, err := cborutil.Equals(sv, v.Voucher)
if err != nil { if err != nil {
return types.BigInt{}, err return types.BigInt{}, err
} }