Merge pull request #411 from nspcc-dev/verifywitnesses-logic

Fixes #269, #368. Tested by RPC sendrawtransaction test.

pkg/core/blockchain.go

@@ -1,6 +1,7 @@
 package core
 
 import (
+	"bytes"
 	"context"
 	"fmt"
 	"math"
@@ -12,6 +13,7 @@ import (
 	"github.com/CityOfZion/neo-go/pkg/core/transaction"
 	"github.com/CityOfZion/neo-go/pkg/io"
 	"github.com/CityOfZion/neo-go/pkg/util"
+	"github.com/CityOfZion/neo-go/pkg/vm"
 	"github.com/pkg/errors"
 	log "github.com/sirupsen/logrus"
 )
@@ -902,28 +904,35 @@ func (bc *Blockchain) VerifyWitnesses(t *transaction.Transaction) error {
 		verification := witnesses[i].VerificationScript
 
 		if len(verification) == 0 {
-			/*TODO: replicate following C# code:
-			using (ScriptBuilder sb = new ScriptBuilder())
-			{
-				sb.EmitAppCall(hashes[i].ToArray());
-				verification = sb.ToArray();
+			bb := new(bytes.Buffer)
+			err = vm.EmitAppCall(bb, hashes[i], false)
+			if err != nil {
+				return err
 			}
-			*/
-
+			verification = bb.Bytes()
 		} else {
 			if h := witnesses[i].ScriptHash(); hashes[i] != h {
 				return errors.Errorf("hash mismatch for script #%d", i)
 			}
 		}
 
-		/*TODO: replicate following C# code:
-		using (ApplicationEngine engine = new ApplicationEngine(TriggerType.Verification, verifiable, snapshot, Fixed8.Zero))
-		{
-			engine.LoadScript(verification);
-			engine.LoadScript(verifiable.Witnesses[i].InvocationScript);
-			if (!engine.Execute()) return false;
-			if (engine.ResultStack.Count != 1 || !engine.ResultStack.Pop().GetBoolean()) return false;
-		}*/
+		vm := vm.New(vm.ModeMute)
+		vm.SetCheckedHash(t.VerificationHash().Bytes())
+		vm.LoadScript(verification)
+		vm.LoadScript(witnesses[i].InvocationScript)
+		vm.Run()
+		if vm.HasFailed() {
+			return errors.Errorf("vm failed to execute the script")
+		}
+		res := vm.PopResult()
+		switch res.(type) {
+		case bool:
+			if !(res.(bool)) {
+				return errors.Errorf("signature check failed")
+			}
+		default:
+			return errors.Errorf("vm returned non-boolean result")
+		}
 	}
 
 	return nil

pkg/core/transaction/transaction.go

@@ -39,9 +39,12 @@ type Transaction struct {
 	// and invocation script.
 	Scripts []*Witness `json:"scripts"`
 
-	// hash of the transaction
+	// Hash of the transaction (double SHA256).
 	hash util.Uint256
 
+	// Hash of the transaction used to verify it (single SHA256).
+	verificationHash util.Uint256
+
 	// Trimmed indicates this is a transaction from trimmed
 	// data.
 	Trimmed bool `json:"-"`
@@ -59,11 +62,23 @@ func NewTrimmedTX(hash util.Uint256) *Transaction {
 // Hash return the hash of the transaction.
 func (t *Transaction) Hash() util.Uint256 {
 	if t.hash.Equals(util.Uint256{}) {
-		t.createHash()
+		if t.createHash() != nil {
+			panic("failed to compute hash!")
+		}
 	}
 	return t.hash
 }
 
+// VerificationHash returns the hash of the transaction used to verify it.
+func (t *Transaction) VerificationHash() util.Uint256 {
+	if t.verificationHash.Equals(util.Uint256{}) {
+		if t.createHash() != nil {
+			panic("failed to compute hash!")
+		}
+	}
+	return t.verificationHash
+}
+
 // AddOutput adds the given output to the transaction outputs.
 func (t *Transaction) AddOutput(out *Output) {
 	t.Outputs = append(t.Outputs, out)
@@ -196,7 +211,9 @@ func (t *Transaction) createHash() error {
 		return buf.Err
 	}
 
-	t.hash = hash.DoubleSha256(buf.Bytes())
+	b := buf.Bytes()
+	t.hash = hash.DoubleSha256(b)
+	t.verificationHash = hash.Sha256(b)
 
 	return nil
 }

pkg/vm/stack.go

@@ -1,6 +1,7 @@
 package vm
 
 import (
+	"fmt"
 	"math/big"
 
 	"github.com/CityOfZion/neo-go/pkg/util"
@@ -280,3 +281,39 @@ func (s *Stack) Iter(f func(*Element)) {
 		f(e)
 	}
 }
+
+// popSigElements pops keys or signatures from the stack as needed for
+// CHECKMULTISIG.
+func (s *Stack) popSigElements() ([][]byte, error) {
+	var num int
+	var elems [][]byte
+	item := s.Pop()
+	if item == nil {
+		return nil, fmt.Errorf("nothing on the stack")
+	}
+	switch item.value.(type) {
+	case *ArrayItem:
+		num = len(item.Array())
+		if num < 1 {
+			return nil, fmt.Errorf("less than one element in the array")
+		}
+		elems = make([][]byte, num)
+		for k, v := range item.Array() {
+			b, ok := v.Value().([]byte)
+			if !ok {
+				return nil, fmt.Errorf("bad element %s", v.String())
+			}
+			elems[k] = b
+		}
+	default:
+		num = int(item.BigInt().Int64())
+		if num < 1 || num > s.Len() {
+			return nil, fmt.Errorf("wrong number of elements: %d", num)
+		}
+		elems = make([][]byte, num)
+		for i := 0; i < num; i++ {
+			elems[i] = s.Pop().Bytes()
+		}
+	}
+	return elems, nil
+}

pkg/vm/stack_test.go

@@ -217,6 +217,44 @@ func TestSwapElemValues(t *testing.T) {
 	assert.Equal(t, int64(4), s.Pop().BigInt().Int64())
 }
 
+func TestPopSigElements(t *testing.T) {
+	s := NewStack("test")
+
+	_, err := s.popSigElements()
+	assert.NotNil(t, err)
+
+	s.PushVal([]StackItem{})
+	_, err = s.popSigElements()
+	assert.NotNil(t, err)
+
+	s.PushVal([]StackItem{NewBoolItem(false)})
+	_, err = s.popSigElements()
+	assert.NotNil(t, err)
+
+	b1 := []byte("smth")
+	b2 := []byte("strange")
+	s.PushVal([]StackItem{NewByteArrayItem(b1), NewByteArrayItem(b2)})
+	z, err := s.popSigElements()
+	assert.Nil(t, err)
+	assert.Equal(t, z, [][]byte{b1, b2})
+
+	s.PushVal(2)
+	_, err = s.popSigElements()
+	assert.NotNil(t, err)
+
+	s.PushVal(b1)
+	s.PushVal(2)
+	_, err = s.popSigElements()
+	assert.NotNil(t, err)
+
+	s.PushVal(b2)
+	s.PushVal(b1)
+	s.PushVal(2)
+	z, err = s.popSigElements()
+	assert.Nil(t, err)
+	assert.Equal(t, z, [][]byte{b1, b2})
+}
+
 func makeElements(n int) []*Element {
 	elems := make([]*Element, n)
 	for i := 0; i < n; i++ {

pkg/vm/vm.go

@@ -11,6 +11,7 @@ import (
 	"text/tabwriter"
 
 	"github.com/CityOfZion/neo-go/pkg/crypto/hash"
+	"github.com/CityOfZion/neo-go/pkg/crypto/keys"
 	"github.com/CityOfZion/neo-go/pkg/util"
 )
 
@@ -43,6 +44,8 @@ type VM struct {
 
 	// Mute all output after execution.
 	mute bool
+	// Hash to verify in CHECKSIG/CHECKMULTISIG.
+	checkhash []byte
 }
 
 // New returns a new VM object ready to load .avm bytecode scripts.
@@ -233,6 +236,18 @@ func (v *VM) Step() {
 	}
 }
 
+// HasFailed returns whether VM is in the failed state now. Usually used to
+// check status after Run.
+func (v *VM) HasFailed() bool {
+	return v.state.HasFlag(faultState)
+}
+
+// SetCheckedHash sets checked hash for CHECKSIG and CHECKMULTISIG instructions.
+func (v *VM) SetCheckedHash(h []byte) {
+	v.checkhash = make([]byte, len(h))
+	copy(v.checkhash, h)
+}
+
 // execute performs an instruction cycle in the VM. Acting on the instruction (opcode).
 func (v *VM) execute(ctx *Context, op Instruction) {
 	// Instead of polluting the whole VM logic with error handling, we will recover
@@ -842,7 +857,62 @@ func (v *VM) execute(ctx *Context, op Instruction) {
 			v.state = haltState
 		}
 
-	case CHECKSIG, VERIFY, CHECKMULTISIG, NEWMAP, HASKEY, KEYS, VALUES:
+	case CHECKSIG, VERIFY:
+		var hashToCheck []byte
+
+		keyb := v.estack.Pop().Bytes()
+		signature := v.estack.Pop().Bytes()
+		if op == CHECKSIG {
+			if v.checkhash == nil {
+				panic("VM is not set up properly for signature checks")
+			}
+			hashToCheck = v.checkhash
+		} else { // VERIFY
+			msg := v.estack.Pop().Bytes()
+			hashToCheck = hash.Sha256(msg).Bytes()
+		}
+		pkey := &keys.PublicKey{}
+		err := pkey.DecodeBytes(keyb)
+		if err != nil {
+			panic(err.Error())
+		}
+		res := pkey.Verify(signature, hashToCheck)
+		v.estack.PushVal(res)
+
+	case CHECKMULTISIG:
+		pkeys, err := v.estack.popSigElements()
+		if err != nil {
+			panic(fmt.Sprintf("wrong parameters: %s", err.Error()))
+		}
+		sigs, err := v.estack.popSigElements()
+		if err != nil {
+			panic(fmt.Sprintf("wrong parameters: %s", err.Error()))
+		}
+		if len(pkeys) < len(sigs) {
+			panic("more signatures than there are keys")
+		}
+		if v.checkhash == nil {
+			panic("VM is not set up properly for signature checks")
+		}
+		sigok := true
+		j := 0
+		for i := 0; sigok && i < len(pkeys) && j < len(sigs); {
+			pkey := &keys.PublicKey{}
+			err := pkey.DecodeBytes(pkeys[j])
+			if err != nil {
+				panic(err.Error())
+			}
+			if pkey.Verify(sigs[i], v.checkhash) {
+				i++
+			}
+			j++
+			if len(pkeys)-i > len(sigs)-j {
+				sigok = false
+			}
+		}
+		v.estack.PushVal(sigok)
+
+	case NEWMAP, HASKEY, KEYS, VALUES:
 		panic("unimplemented")
 
 	// Cryptographic operations.