Merge pull request #411 from nspcc-dev/verifywitnesses-logic
Fixes #269, #368. Tested by RPC sendrawtransaction test.
This commit is contained in:
Roman Khimov
GitHub
commit
dac1f9367c
6 changed files with 580 additions and 161 deletions
|
|
@ -1,6 +1,7 @@
|
|||
package core
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"fmt"
|
||||
"math"
|
||||
|
|
@ -12,6 +13,7 @@ import (
|
|||
"github.com/CityOfZion/neo-go/pkg/core/transaction"
|
||||
"github.com/CityOfZion/neo-go/pkg/io"
|
||||
"github.com/CityOfZion/neo-go/pkg/util"
|
||||
"github.com/CityOfZion/neo-go/pkg/vm"
|
||||
"github.com/pkg/errors"
|
||||
log "github.com/sirupsen/logrus"
|
||||
)
|
||||
|
|
@ -902,28 +904,35 @@ func (bc *Blockchain) VerifyWitnesses(t *transaction.Transaction) error {
|
|||
verification := witnesses[i].VerificationScript
|
||||
|
||||
if len(verification) == 0 {
|
||||
/*TODO: replicate following C# code:
|
||||
using (ScriptBuilder sb = new ScriptBuilder())
|
||||
{
|
||||
sb.EmitAppCall(hashes[i].ToArray());
|
||||
verification = sb.ToArray();
|
||||
bb := new(bytes.Buffer)
|
||||
err = vm.EmitAppCall(bb, hashes[i], false)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
*/
|
||||
|
||||
verification = bb.Bytes()
|
||||
} else {
|
||||
if h := witnesses[i].ScriptHash(); hashes[i] != h {
|
||||
return errors.Errorf("hash mismatch for script #%d", i)
|
||||
}
|
||||
}
|
||||
|
||||
/*TODO: replicate following C# code:
|
||||
using (ApplicationEngine engine = new ApplicationEngine(TriggerType.Verification, verifiable, snapshot, Fixed8.Zero))
|
||||
{
|
||||
engine.LoadScript(verification);
|
||||
engine.LoadScript(verifiable.Witnesses[i].InvocationScript);
|
||||
if (!engine.Execute()) return false;
|
||||
if (engine.ResultStack.Count != 1 || !engine.ResultStack.Pop().GetBoolean()) return false;
|
||||
}*/
|
||||
vm := vm.New(vm.ModeMute)
|
||||
vm.SetCheckedHash(t.VerificationHash().Bytes())
|
||||
vm.LoadScript(verification)
|
||||
vm.LoadScript(witnesses[i].InvocationScript)
|
||||
vm.Run()
|
||||
if vm.HasFailed() {
|
||||
return errors.Errorf("vm failed to execute the script")
|
||||
}
|
||||
res := vm.PopResult()
|
||||
switch res.(type) {
|
||||
case bool:
|
||||
if !(res.(bool)) {
|
||||
return errors.Errorf("signature check failed")
|
||||
}
|
||||
default:
|
||||
return errors.Errorf("vm returned non-boolean result")
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
|
|
|
|||
|
|
@ -39,9 +39,12 @@ type Transaction struct {
|
|||
// and invocation script.
|
||||
Scripts []*Witness `json:"scripts"`
|
||||
|
||||
// hash of the transaction
|
||||
// Hash of the transaction (double SHA256).
|
||||
hash util.Uint256
|
||||
|
||||
// Hash of the transaction used to verify it (single SHA256).
|
||||
verificationHash util.Uint256
|
||||
|
||||
// Trimmed indicates this is a transaction from trimmed
|
||||
// data.
|
||||
Trimmed bool `json:"-"`
|
||||
|
|
@ -59,11 +62,23 @@ func NewTrimmedTX(hash util.Uint256) *Transaction {
|
|||
// Hash return the hash of the transaction.
|
||||
func (t *Transaction) Hash() util.Uint256 {
|
||||
if t.hash.Equals(util.Uint256{}) {
|
||||
t.createHash()
|
||||
if t.createHash() != nil {
|
||||
panic("failed to compute hash!")
|
||||
}
|
||||
}
|
||||
return t.hash
|
||||
}
|
||||
|
||||
// VerificationHash returns the hash of the transaction used to verify it.
|
||||
func (t *Transaction) VerificationHash() util.Uint256 {
|
||||
if t.verificationHash.Equals(util.Uint256{}) {
|
||||
if t.createHash() != nil {
|
||||
panic("failed to compute hash!")
|
||||
}
|
||||
}
|
||||
return t.verificationHash
|
||||
}
|
||||
|
||||
// AddOutput adds the given output to the transaction outputs.
|
||||
func (t *Transaction) AddOutput(out *Output) {
|
||||
t.Outputs = append(t.Outputs, out)
|
||||
|
|
@ -196,7 +211,9 @@ func (t *Transaction) createHash() error {
|
|||
return buf.Err
|
||||
}
|
||||
|
||||
t.hash = hash.DoubleSha256(buf.Bytes())
|
||||
b := buf.Bytes()
|
||||
t.hash = hash.DoubleSha256(b)
|
||||
t.verificationHash = hash.Sha256(b)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
package vm
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"math/big"
|
||||
|
||||
"github.com/CityOfZion/neo-go/pkg/util"
|
||||
|
|
@ -280,3 +281,39 @@ func (s *Stack) Iter(f func(*Element)) {
|
|||
f(e)
|
||||
}
|
||||
}
|
||||
|
||||
// popSigElements pops keys or signatures from the stack as needed for
|
||||
// CHECKMULTISIG.
|
||||
func (s *Stack) popSigElements() ([][]byte, error) {
|
||||
var num int
|
||||
var elems [][]byte
|
||||
item := s.Pop()
|
||||
if item == nil {
|
||||
return nil, fmt.Errorf("nothing on the stack")
|
||||
}
|
||||
switch item.value.(type) {
|
||||
case *ArrayItem:
|
||||
num = len(item.Array())
|
||||
if num < 1 {
|
||||
return nil, fmt.Errorf("less than one element in the array")
|
||||
}
|
||||
elems = make([][]byte, num)
|
||||
for k, v := range item.Array() {
|
||||
b, ok := v.Value().([]byte)
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("bad element %s", v.String())
|
||||
}
|
||||
elems[k] = b
|
||||
}
|
||||
default:
|
||||
num = int(item.BigInt().Int64())
|
||||
if num < 1 || num > s.Len() {
|
||||
return nil, fmt.Errorf("wrong number of elements: %d", num)
|
||||
}
|
||||
elems = make([][]byte, num)
|
||||
for i := 0; i < num; i++ {
|
||||
elems[i] = s.Pop().Bytes()
|
||||
}
|
||||
}
|
||||
return elems, nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -217,6 +217,44 @@ func TestSwapElemValues(t *testing.T) {
|
|||
assert.Equal(t, int64(4), s.Pop().BigInt().Int64())
|
||||
}
|
||||
|
||||
func TestPopSigElements(t *testing.T) {
|
||||
s := NewStack("test")
|
||||
|
||||
_, err := s.popSigElements()
|
||||
assert.NotNil(t, err)
|
||||
|
||||
s.PushVal([]StackItem{})
|
||||
_, err = s.popSigElements()
|
||||
assert.NotNil(t, err)
|
||||
|
||||
s.PushVal([]StackItem{NewBoolItem(false)})
|
||||
_, err = s.popSigElements()
|
||||
assert.NotNil(t, err)
|
||||
|
||||
b1 := []byte("smth")
|
||||
b2 := []byte("strange")
|
||||
s.PushVal([]StackItem{NewByteArrayItem(b1), NewByteArrayItem(b2)})
|
||||
z, err := s.popSigElements()
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, z, [][]byte{b1, b2})
|
||||
|
||||
s.PushVal(2)
|
||||
_, err = s.popSigElements()
|
||||
assert.NotNil(t, err)
|
||||
|
||||
s.PushVal(b1)
|
||||
s.PushVal(2)
|
||||
_, err = s.popSigElements()
|
||||
assert.NotNil(t, err)
|
||||
|
||||
s.PushVal(b2)
|
||||
s.PushVal(b1)
|
||||
s.PushVal(2)
|
||||
z, err = s.popSigElements()
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, z, [][]byte{b1, b2})
|
||||
}
|
||||
|
||||
func makeElements(n int) []*Element {
|
||||
elems := make([]*Element, n)
|
||||
for i := 0; i < n; i++ {
|
||||
|
|
|
|||
72
pkg/vm/vm.go
72
pkg/vm/vm.go
|
|
@ -11,6 +11,7 @@ import (
|
|||
"text/tabwriter"
|
||||
|
||||
"github.com/CityOfZion/neo-go/pkg/crypto/hash"
|
||||
"github.com/CityOfZion/neo-go/pkg/crypto/keys"
|
||||
"github.com/CityOfZion/neo-go/pkg/util"
|
||||
)
|
||||
|
||||
|
|
@ -43,6 +44,8 @@ type VM struct {
|
|||
|
||||
// Mute all output after execution.
|
||||
mute bool
|
||||
// Hash to verify in CHECKSIG/CHECKMULTISIG.
|
||||
checkhash []byte
|
||||
}
|
||||
|
||||
// New returns a new VM object ready to load .avm bytecode scripts.
|
||||
|
|
@ -233,6 +236,18 @@ func (v *VM) Step() {
|
|||
}
|
||||
}
|
||||
|
||||
// HasFailed returns whether VM is in the failed state now. Usually used to
|
||||
// check status after Run.
|
||||
func (v *VM) HasFailed() bool {
|
||||
return v.state.HasFlag(faultState)
|
||||
}
|
||||
|
||||
// SetCheckedHash sets checked hash for CHECKSIG and CHECKMULTISIG instructions.
|
||||
func (v *VM) SetCheckedHash(h []byte) {
|
||||
v.checkhash = make([]byte, len(h))
|
||||
copy(v.checkhash, h)
|
||||
}
|
||||
|
||||
// execute performs an instruction cycle in the VM. Acting on the instruction (opcode).
|
||||
func (v *VM) execute(ctx *Context, op Instruction) {
|
||||
// Instead of polluting the whole VM logic with error handling, we will recover
|
||||
|
|
@ -842,7 +857,62 @@ func (v *VM) execute(ctx *Context, op Instruction) {
|
|||
v.state = haltState
|
||||
}
|
||||
|
||||
case CHECKSIG, VERIFY, CHECKMULTISIG, NEWMAP, HASKEY, KEYS, VALUES:
|
||||
case CHECKSIG, VERIFY:
|
||||
var hashToCheck []byte
|
||||
|
||||
keyb := v.estack.Pop().Bytes()
|
||||
signature := v.estack.Pop().Bytes()
|
||||
if op == CHECKSIG {
|
||||
if v.checkhash == nil {
|
||||
panic("VM is not set up properly for signature checks")
|
||||
}
|
||||
hashToCheck = v.checkhash
|
||||
} else { // VERIFY
|
||||
msg := v.estack.Pop().Bytes()
|
||||
hashToCheck = hash.Sha256(msg).Bytes()
|
||||
}
|
||||
pkey := &keys.PublicKey{}
|
||||
err := pkey.DecodeBytes(keyb)
|
||||
if err != nil {
|
||||
panic(err.Error())
|
||||
}
|
||||
res := pkey.Verify(signature, hashToCheck)
|
||||
v.estack.PushVal(res)
|
||||
|
||||
case CHECKMULTISIG:
|
||||
pkeys, err := v.estack.popSigElements()
|
||||
if err != nil {
|
||||
panic(fmt.Sprintf("wrong parameters: %s", err.Error()))
|
||||
}
|
||||
sigs, err := v.estack.popSigElements()
|
||||
if err != nil {
|
||||
panic(fmt.Sprintf("wrong parameters: %s", err.Error()))
|
||||
}
|
||||
if len(pkeys) < len(sigs) {
|
||||
panic("more signatures than there are keys")
|
||||
}
|
||||
if v.checkhash == nil {
|
||||
panic("VM is not set up properly for signature checks")
|
||||
}
|
||||
sigok := true
|
||||
j := 0
|
||||
for i := 0; sigok && i < len(pkeys) && j < len(sigs); {
|
||||
pkey := &keys.PublicKey{}
|
||||
err := pkey.DecodeBytes(pkeys[j])
|
||||
if err != nil {
|
||||
panic(err.Error())
|
||||
}
|
||||
if pkey.Verify(sigs[i], v.checkhash) {
|
||||
i++
|
||||
}
|
||||
j++
|
||||
if len(pkeys)-i > len(sigs)-j {
|
||||
sigok = false
|
||||
}
|
||||
}
|
||||
v.estack.PushVal(sigok)
|
||||
|
||||
case NEWMAP, HASKEY, KEYS, VALUES:
|
||||
panic("unimplemented")
|
||||
|
||||
// Cryptographic operations.
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load diff
Loading…
Reference in a new issue