Merge pull request #1320 from filecoin-project/feat/fix-signature-verification

Fix signature verification in adapters
2020-03-03 16:01:05 -08:00 · 2020-03-03 16:01:05 -08:00 · 8f1bf7a0ed
commit 8f1bf7a0ed
parent 61fcbd1664 72c0dbd8e5
5 changed files with 62 additions and 25 deletions
--- a/go.mod
+++ b/go.mod
@ -18,7 +18,7 @@ require (
 	github.com/filecoin-project/go-crypto v0.0.0-20191218222705-effae4ea9f03
 	github.com/filecoin-project/go-data-transfer v0.0.0-20191219005021-4accf56bd2ce
 	github.com/filecoin-project/go-fil-commcid v0.0.0-20200208005934-2b8bd03caca5
-	github.com/filecoin-project/go-fil-markets v0.0.0-20200229032800-36a9b170996a
+	github.com/filecoin-project/go-fil-markets v0.0.0-20200303015849-1159079679ca
 	github.com/filecoin-project/go-padreader v0.0.0-20200210211231-548257017ca6
 	github.com/filecoin-project/go-paramfetch v0.0.2-0.20200218225740-47c639bab663
 	github.com/filecoin-project/go-sectorbuilder v0.0.2-0.20200228181617-f00e2c4cc050
--- a/go.sum
+++ b/go.sum
@ -112,8 +112,8 @@ github.com/filecoin-project/go-data-transfer v0.0.0-20191219005021-4accf56bd2ce
 github.com/filecoin-project/go-data-transfer v0.0.0-20191219005021-4accf56bd2ce/go.mod h1:b14UWxhxVCAjrQUYvVGrQRRsjAh79wXYejw9RbUcAww=
 github.com/filecoin-project/go-fil-commcid v0.0.0-20200208005934-2b8bd03caca5 h1:yvQJCW9mmi9zy+51xA01Ea2X7/dL7r8eKDPuGUjRmbo=
 github.com/filecoin-project/go-fil-commcid v0.0.0-20200208005934-2b8bd03caca5/go.mod h1:JbkIgFF/Z9BDlvrJO1FuKkaWsH673/UdFaiVS6uIHlA=
-github.com/filecoin-project/go-fil-markets v0.0.0-20200229032800-36a9b170996a h1:8Mgw8AxjfWF4dGxnRtGLss0wZYXI3mYnHUhIdvfQqOQ=
-github.com/filecoin-project/go-fil-markets v0.0.0-20200229032800-36a9b170996a/go.mod h1:rfRwhd3ujcCXnD4N9oEM2wjh8GRZGoeNXME+UPG/9ts=
+github.com/filecoin-project/go-fil-markets v0.0.0-20200303015849-1159079679ca h1:EccB/LgjrA6EVSpaVDfQyWe1DS3c0x1DcASBQ8beUdg=
+github.com/filecoin-project/go-fil-markets v0.0.0-20200303015849-1159079679ca/go.mod h1:rfRwhd3ujcCXnD4N9oEM2wjh8GRZGoeNXME+UPG/9ts=
 github.com/filecoin-project/go-padreader v0.0.0-20200210211231-548257017ca6 h1:92PET+sx1Hb4W/8CgFwGuxaKbttwY+UNspYZTvXY0vs=
 github.com/filecoin-project/go-padreader v0.0.0-20200210211231-548257017ca6/go.mod h1:0HgYnrkeSU4lu1p+LEOeDpFsNBssa0OGGriWdA4hvaE=
 github.com/filecoin-project/go-paramfetch v0.0.2-0.20200218225740-47c639bab663 h1:eYxi6vI5CyeXD15X1bB3bledDXbqKxqf0wQzTLgwYwA=
@ -128,8 +128,6 @@ github.com/filecoin-project/go-statestore v0.1.0 h1:t56reH59843TwXHkMcwyuayStBIi
 github.com/filecoin-project/go-statestore v0.1.0/go.mod h1:LFc9hD+fRxPqiHiaqUEZOinUJB4WARkRfNl10O7kTnI=
 github.com/filecoin-project/specs-actors v0.0.0-20200210130641-2d1fbd8672cf/go.mod h1:xtDZUB6pe4Pksa/bAJbJ693OilaC5Wbot9jMhLm3cZA=
 github.com/filecoin-project/specs-actors v0.0.0-20200226200336-94c9b92b2775/go.mod h1:0HAWYrvajFHDgRaKbF0rl+IybVLZL5z4gQ8koCMPhoU=
-github.com/filecoin-project/specs-actors v0.0.0-20200229011003-1d726e3afd04 h1:O343OeQLkLWLj5ZqQ5nhevAGBTeB5LioiA53ddScqdY=
-github.com/filecoin-project/specs-actors v0.0.0-20200229011003-1d726e3afd04/go.mod h1:0HAWYrvajFHDgRaKbF0rl+IybVLZL5z4gQ8koCMPhoU=
 github.com/filecoin-project/specs-actors v0.0.0-20200302011114-7d19171ad051 h1:DX/fGDuARZwasW9ka9k1eK510bjHm/pfxY6JDjAxP1I=
 github.com/filecoin-project/specs-actors v0.0.0-20200302011114-7d19171ad051/go.mod h1:0HAWYrvajFHDgRaKbF0rl+IybVLZL5z4gQ8koCMPhoU=
 github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
--- a/markets/storageadapter/client.go
+++ b/markets/storageadapter/client.go
@ -23,6 +23,7 @@ import (
 	"github.com/filecoin-project/lotus/chain/stmgr"
 	"github.com/filecoin-project/lotus/chain/store"
 	"github.com/filecoin-project/lotus/chain/types"
+	"github.com/filecoin-project/lotus/lib/sigs"
 	"github.com/filecoin-project/lotus/markets/utils"
 	"github.com/filecoin-project/lotus/node/impl/full"
 )
@ -92,8 +93,8 @@ func (n *ClientNodeAdapter) ListStorageProviders(ctx context.Context) ([]*storag
 }

 func (n *ClientNodeAdapter) VerifySignature(sig crypto.Signature, addr address.Address, input []byte) bool {
-	log.Warn("stub VerifySignature")
-	return true
+	err := sigs.Verify(&sig, addr, input)
+	return err == nil
 }

 func (n *ClientNodeAdapter) ListClientDeals(ctx context.Context, addr address.Address) ([]storagemarket.StorageDeal, error) {
@ -328,13 +329,19 @@ func (c *ClientNodeAdapter) OnDealSectorCommitted(ctx context.Context, provider

 func (n *ClientNodeAdapter) SignProposal(ctx context.Context, signer address.Address, proposal samarket.DealProposal) (*samarket.ClientDealProposal, error) {
 	// TODO: output spec signed proposal
-	log.Warn("TODO: stub SignProposal")
+	buf, err := cborutil.Dump(&proposal)
+	if err != nil {
+		return nil, err
+	}
+
+	sig, err := n.Wallet.Sign(ctx, signer, buf)
+	if err != nil {
+		return nil, err
+	}
+
 	return &samarket.ClientDealProposal{
 		Proposal:        proposal,
-		ClientSignature: crypto.Signature{
-			Type: crypto.SigTypeBLS,
-			Data: []byte{},
-		},
+		ClientSignature: *sig,
 	}, nil
 }

@ -356,9 +363,8 @@ func (n *ClientNodeAdapter) ValidateAskSignature(ask *storagemarket.SignedStorag
 		return xerrors.Errorf("failed to re-serialize ask")
 	}

-	_ = w
-	_ = sigb
-	panic("verify signature")
+	return sigs.Verify(ask.Signature, w, sigb)
+
 }

 var _ storagemarket.StorageClientNode = &ClientNodeAdapter{}
--- a/markets/storageadapter/provider.go
+++ b/markets/storageadapter/provider.go
@ -13,7 +13,7 @@ import (
 	"github.com/filecoin-project/specs-actors/actors/builtin/miner"
 	"github.com/filecoin-project/specs-actors/actors/crypto"
 	"github.com/ipfs/go-cid"
-	logging "github.com/ipfs/go-log"
+	logging "github.com/ipfs/go-log/v2"
 	"golang.org/x/xerrors"

 	"github.com/filecoin-project/go-address"
@ -23,6 +23,7 @@ import (
 	"github.com/filecoin-project/lotus/chain/actors"
 	"github.com/filecoin-project/lotus/chain/events"
 	"github.com/filecoin-project/lotus/chain/types"
+	"github.com/filecoin-project/lotus/lib/sigs"
 	"github.com/filecoin-project/lotus/markets/utils"
 	"github.com/filecoin-project/lotus/node/modules/dtypes"
 	"github.com/filecoin-project/lotus/storage/sealing"
@ -109,8 +110,8 @@ func (n *ProviderNodeAdapter) OnDealComplete(ctx context.Context, deal storagema
 }

 func (n *ProviderNodeAdapter) VerifySignature(sig crypto.Signature, addr address.Address, input []byte) bool {
-	log.Warn("stub VerifySignature")
-	return true
+	err := sigs.Verify(&sig, addr, input)
+	return err == nil
 }

 func (n *ProviderNodeAdapter) ListProviderDeals(ctx context.Context, addr address.Address) ([]storagemarket.StorageDeal, error) {
--- a/paychmgr/paych.go
+++ b/paychmgr/paych.go
@ -8,6 +8,7 @@ import (

 	cborutil "github.com/filecoin-project/go-cbor-util"
 	"github.com/filecoin-project/specs-actors/actors/builtin"
+	"github.com/filecoin-project/specs-actors/actors/builtin/account"
 	"github.com/filecoin-project/specs-actors/actors/builtin/paych"
 	"golang.org/x/xerrors"

@ -69,6 +70,18 @@ func (pm *Manager) TrackInboundChannel(ctx context.Context, ch address.Address)
 		return err
 	}

+	var account account.State
+	_, err = pm.sm.LoadActorState(ctx, st.From, &account, nil)
+	if err != nil {
+		return err
+	}
+	from := account.Address
+	_, err = pm.sm.LoadActorState(ctx, st.From, &account, nil)
+	if err != nil {
+		return err
+	}
+	to := account.Address
+
 	maxLane, err := maxLaneFromState(st)
 	if err != nil {
 		return err
@ -76,8 +89,8 @@ func (pm *Manager) TrackInboundChannel(ctx context.Context, ch address.Address)

 	return pm.store.TrackChannel(&ChannelInfo{
 		Channel: ch,
-		Control: st.To,
-		Target:  st.From,
+		Control: to,
+		Target:  from,

 		Direction: DirInbound,
 		NextLane:  maxLane + 1,
@ -95,10 +108,22 @@ func (pm *Manager) loadOutboundChannelInfo(ctx context.Context, ch address.Addre
 		return nil, err
 	}

+	var account account.State
+	_, err = pm.sm.LoadActorState(ctx, st.From, &account, nil)
+	if err != nil {
+		return nil, err
+	}
+	from := account.Address
+	_, err = pm.sm.LoadActorState(ctx, st.From, &account, nil)
+	if err != nil {
+		return nil, err
+	}
+	to := account.Address
+
 	return &ChannelInfo{
 		Channel: ch,
-		Control: st.From,
-		Target:  st.To,
+		Control: from,
+		Target:  to,

 		Direction: DirOutbound,
 		NextLane:  maxLane + 1,
@ -129,6 +154,13 @@ func (pm *Manager) CheckVoucherValid(ctx context.Context, ch address.Address, sv
 		return err
 	}

+	var account account.State
+	_, err = pm.sm.LoadActorState(ctx, pca.From, &account, nil)
+	if err != nil {
+		return err
+	}
+	from := account.Address
+
 	// verify signature
 	vb, err := sv.SigningBytes()
 	if err != nil {
@ -138,7 +170,7 @@ func (pm *Manager) CheckVoucherValid(ctx context.Context, ch address.Address, sv
 	// TODO: technically, either party may create and sign a voucher.
 	// However, for now, we only accept them from the channel creator.
 	// More complex handling logic can be added later
-	if err := sigs.Verify(sv.Signature, pca.From, vb); err != nil {
+	if err := sigs.Verify(sv.Signature, from, vb); err != nil {
 		return err
 	}

@ -258,7 +290,7 @@ func (pm *Manager) AddVoucher(ctx context.Context, ch address.Address, sv *paych

 	// look for duplicates
 	for i, v := range ci.Vouchers {
-		eq, err := cborutil.Equals(sv, v)
+		eq, err := cborutil.Equals(sv, v.Voucher)
 		if err != nil {
 			return types.BigInt{}, err
 		}