neoneo-go/pkg/core/interop/runtime/witness.go

package runtime

import (
	"crypto/elliptic"

	"github.com/nspcc-dev/neo-go/pkg/core/dao"
	"github.com/nspcc-dev/neo-go/pkg/core/interop"
	"github.com/nspcc-dev/neo-go/pkg/core/transaction"
	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
	"github.com/nspcc-dev/neo-go/pkg/util"
	"github.com/nspcc-dev/neo-go/pkg/vm"
	"github.com/pkg/errors"
)

// CheckHashedWitness checks given hash against current list of script hashes
// for verifying in the interop context.
func CheckHashedWitness(ic *interop.Context, hash util.Uint160) (bool, error) {
	if tx, ok := ic.Container.(*transaction.Transaction); ok {
		return checkScope(ic.DAO, tx, ic.ScriptGetter, hash)
	}

	return false, errors.New("script container is not a transaction")
}

func checkScope(d dao.DAO, tx *transaction.Transaction, v vm.ScriptHashGetter, hash util.Uint160) (bool, error) {
	for _, c := range tx.Signers {
		if c.Account == hash {
			if c.Scopes == transaction.Global {
				return true, nil
			}
			if c.Scopes&transaction.CalledByEntry != 0 {
				callingScriptHash := v.GetCallingScriptHash()
				entryScriptHash := v.GetEntryScriptHash()
				if callingScriptHash == entryScriptHash {
					return true, nil
				}
			}
			if c.Scopes&transaction.CustomContracts != 0 {
				currentScriptHash := v.GetCurrentScriptHash()
				for _, allowedContract := range c.AllowedContracts {
					if allowedContract == currentScriptHash {
						return true, nil
					}
				}
			}
			if c.Scopes&transaction.CustomGroups != 0 {
				callingScriptHash := v.GetCallingScriptHash()
				if callingScriptHash.Equals(util.Uint160{}) {
					return false, nil
				}
				cs, err := d.GetContractState(callingScriptHash)
				if err != nil {
					return false, err
				}
				// check if the current group is the required one
				for _, allowedGroup := range c.AllowedGroups {
					for _, group := range cs.Manifest.Groups {
						if group.PublicKey.Equal(allowedGroup) {
							return true, nil
						}
					}
				}
			}
			return false, nil
		}
	}
	return false, nil
}

// CheckKeyedWitness checks hash of signature check contract with a given public
// key against current list of script hashes for verifying in the interop context.
func CheckKeyedWitness(ic *interop.Context, key *keys.PublicKey) (bool, error) {
	return CheckHashedWitness(ic, key.GetScriptHash())
}

// CheckWitness checks witnesses.
func CheckWitness(ic *interop.Context) error {
	var res bool
	var err error

	hashOrKey := ic.VM.Estack().Pop().Bytes()
	hash, err := util.Uint160DecodeBytesBE(hashOrKey)
	if err != nil {
		var key *keys.PublicKey
		key, err = keys.NewPublicKeyFromBytes(hashOrKey, elliptic.P256())
		if err != nil {
			return errors.New("parameter given is neither a key nor a hash")
		}
		res, err = CheckKeyedWitness(ic, key)
	} else {
		res, err = CheckHashedWitness(ic, hash)
	}
	if err != nil {
		return errors.Wrap(err, "failed to check")
	}
	ic.VM.Estack().PushVal(res)
	return nil
}
core: move runtime.CheckWitness interop to a separate package 2020-04-13 12:56:41 +00:00			`package runtime`

			`import (`
core: implement Secp256k1 Verify and CheckMultisig interops Closes #918. 2020-07-13 09:59:41 +00:00			`"crypto/elliptic"`

interop: perform contract checks in CheckWitness 2020-06-09 09:27:53 +00:00			`"github.com/nspcc-dev/neo-go/pkg/core/dao"`
core: move runtime.CheckWitness interop to a separate package 2020-04-13 12:56:41 +00:00			`"github.com/nspcc-dev/neo-go/pkg/core/interop"`
core: add cosigners field to transaction closes #864 2020-04-30 13:00:33 +00:00			`"github.com/nspcc-dev/neo-go/pkg/core/transaction"`
core: move runtime.CheckWitness interop to a separate package 2020-04-13 12:56:41 +00:00			`"github.com/nspcc-dev/neo-go/pkg/crypto/keys"`
			`"github.com/nspcc-dev/neo-go/pkg/util"`
			`"github.com/nspcc-dev/neo-go/pkg/vm"`
			`"github.com/pkg/errors"`
			`)`

			`// CheckHashedWitness checks given hash against current list of script hashes`
			`// for verifying in the interop context.`
interop/native: always use proper ScriptHashGetter, fix #924 All scripts are run in VM, so it's there to tell us about script hashes involved and it must be used instead of nep5ScriptHash kludge. 2020-07-15 19:43:30 +00:00			`func CheckHashedWitness(ic *interop.Context, hash util.Uint160) (bool, error) {`
core: add cosigners field to transaction closes #864 2020-04-30 13:00:33 +00:00			`if tx, ok := ic.Container.(*transaction.Transaction); ok {`
interop/native: always use proper ScriptHashGetter, fix #924 All scripts are run in VM, so it's there to tell us about script hashes involved and it must be used instead of nep5ScriptHash kludge. 2020-07-15 19:43:30 +00:00			`return checkScope(ic.DAO, tx, ic.ScriptGetter, hash)`
core: add cosigners field to transaction closes #864 2020-04-30 13:00:33 +00:00			`}`

core: adjust System.Runtime.CheckWitness interop Part of #1055. It should have `AllowStates` flag. Also removed unreachable code: we can't have such situation when script container is not a transaction in the scope of `CheckWitness` method because: 1. Blocks have their own implementation of CheckWitness for internal usage (it's (bc *Blockchain) verifyHeaderWitnesses method). 2. For the outside calls of System.Runtime.CheckWitness interop (e.g. calls from smart-contract) script container is always a transaction. 2020-07-21 11:02:47 +00:00			`return false, errors.New("script container is not a transaction")`
core: move runtime.CheckWitness interop to a separate package 2020-04-13 12:56:41 +00:00			`}`

interop: perform contract checks in CheckWitness 2020-06-09 09:27:53 +00:00			`func checkScope(d dao.DAO, tx *transaction.Transaction, v vm.ScriptHashGetter, hash util.Uint160) (bool, error) {`
core: move transaction's sender to cosigners Closes #1184 Ported changes from https://github.com/neo-project/neo/pull/1752 2020-07-29 16:57:38 +00:00			`for _, c := range tx.Signers {`
core: add cosigners field to transaction closes #864 2020-04-30 13:00:33 +00:00			`if c.Account == hash {`
			`if c.Scopes == transaction.Global {`
			`return true, nil`
			`}`
			`if c.Scopes&transaction.CalledByEntry != 0 {`
			`callingScriptHash := v.GetCallingScriptHash()`
			`entryScriptHash := v.GetEntryScriptHash()`
			`if callingScriptHash == entryScriptHash {`
			`return true, nil`
			`}`
			`}`
			`if c.Scopes&transaction.CustomContracts != 0 {`
			`currentScriptHash := v.GetCurrentScriptHash()`
			`for _, allowedContract := range c.AllowedContracts {`
			`if allowedContract == currentScriptHash {`
			`return true, nil`
			`}`
			`}`
			`}`
			`if c.Scopes&transaction.CustomGroups != 0 {`
interop: perform contract checks in CheckWitness 2020-06-09 09:27:53 +00:00			`callingScriptHash := v.GetCallingScriptHash()`
			`if callingScriptHash.Equals(util.Uint160{}) {`
core: add cosigners field to transaction closes #864 2020-04-30 13:00:33 +00:00			`return false, nil`
			`}`
interop: perform contract checks in CheckWitness 2020-06-09 09:27:53 +00:00			`cs, err := d.GetContractState(callingScriptHash)`
core: add cosigners field to transaction closes #864 2020-04-30 13:00:33 +00:00			`if err != nil {`
			`return false, err`
			`}`
			`// check if the current group is the required one`
			`for _, allowedGroup := range c.AllowedGroups {`
			`for _, group := range cs.Manifest.Groups {`
			`if group.PublicKey.Equal(allowedGroup) {`
			`return true, nil`
			`}`
			`}`
interop: perform contract checks in CheckWitness 2020-06-09 09:27:53 +00:00			`}`
core: add cosigners field to transaction closes #864 2020-04-30 13:00:33 +00:00			`}`
			`return false, nil`
			`}`
			`}`
			`return false, nil`
			`}`

core: move runtime.CheckWitness interop to a separate package 2020-04-13 12:56:41 +00:00			`// CheckKeyedWitness checks hash of signature check contract with a given public`
			`// key against current list of script hashes for verifying in the interop context.`
interop/native: always use proper ScriptHashGetter, fix #924 All scripts are run in VM, so it's there to tell us about script hashes involved and it must be used instead of nep5ScriptHash kludge. 2020-07-15 19:43:30 +00:00			`func CheckKeyedWitness(ic interop.Context, key keys.PublicKey) (bool, error) {`
			`return CheckHashedWitness(ic, key.GetScriptHash())`
core: move runtime.CheckWitness interop to a separate package 2020-04-13 12:56:41 +00:00			`}`

			`// CheckWitness checks witnesses.`
core: add VM into interop context 2020-08-07 11:37:49 +00:00			`func CheckWitness(ic *interop.Context) error {`
core: move runtime.CheckWitness interop to a separate package 2020-04-13 12:56:41 +00:00			`var res bool`
			`var err error`

core: add VM into interop context 2020-08-07 11:37:49 +00:00			`hashOrKey := ic.VM.Estack().Pop().Bytes()`
core: move runtime.CheckWitness interop to a separate package 2020-04-13 12:56:41 +00:00			`hash, err := util.Uint160DecodeBytesBE(hashOrKey)`
			`if err != nil {`
			`var key *keys.PublicKey`
core: implement Secp256k1 Verify and CheckMultisig interops Closes #918. 2020-07-13 09:59:41 +00:00			`key, err = keys.NewPublicKeyFromBytes(hashOrKey, elliptic.P256())`
core: move runtime.CheckWitness interop to a separate package 2020-04-13 12:56:41 +00:00			`if err != nil {`
			`return errors.New("parameter given is neither a key nor a hash")`
			`}`
interop/native: always use proper ScriptHashGetter, fix #924 All scripts are run in VM, so it's there to tell us about script hashes involved and it must be used instead of nep5ScriptHash kludge. 2020-07-15 19:43:30 +00:00			`res, err = CheckKeyedWitness(ic, key)`
core: move runtime.CheckWitness interop to a separate package 2020-04-13 12:56:41 +00:00			`} else {`
interop/native: always use proper ScriptHashGetter, fix #924 All scripts are run in VM, so it's there to tell us about script hashes involved and it must be used instead of nep5ScriptHash kludge. 2020-07-15 19:43:30 +00:00			`res, err = CheckHashedWitness(ic, hash)`
core: move runtime.CheckWitness interop to a separate package 2020-04-13 12:56:41 +00:00			`}`
			`if err != nil {`
			`return errors.Wrap(err, "failed to check")`
			`}`
core: add VM into interop context 2020-08-07 11:37:49 +00:00			`ic.VM.Estack().PushVal(res)`
core: move runtime.CheckWitness interop to a separate package 2020-04-13 12:56:41 +00:00			`return nil`
			`}`