Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

init validator tx - verify ownership of used keys #2163

Merged
merged 7 commits into from
Nov 21, 2023
Merged

init validator tx - verify ownership of used keys #2163

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
a20bd2a
client: sign tx_init_validator with all keys used
tzemanovic Nov 12, 2023
2a97981
ledger: add a tx host fn for sig verification
tzemanovic Nov 12, 2023
03524aa
wasm/tx_init_validator: check ownership of used keys with sigs
tzemanovic Nov 12, 2023
0a64056
client: store validator protocol key in the regular wallet
tzemanovic Nov 12, 2023
a9771c2
changelog: add #2163
tzemanovic Nov 12, 2023
7adadaa
fix `init_validator` bench
brentstone Nov 16, 2023
88578bf
refactor sig verification gas handling
tzemanovic Nov 20, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions .changelog/unreleased/improvements/2163-init-validator-own-keys.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
- Require to verify ownership of all validator keys when initialized on-chain.
([\#2163](https://github.com/anoma/namada/pull/2163))
10 changes: 5 additions & 5 deletions apps/src/lib/bench_utils.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -240,7 +240,7 @@ impl Default for BenchShell {
bond,
None,
None,
Some(&defaults::albert_keypair()),
vec![&defaults::albert_keypair()],
);

bench_shell.execute_tx(&signed_tx);
Expand All @@ -263,7 +263,7 @@ impl Default for BenchShell {
},
None,
Some(vec![content_section]),
Some(&defaults::albert_keypair()),
vec![&defaults::albert_keypair()],
);

bench_shell.execute_tx(&signed_tx);
Expand Down Expand Up @@ -291,7 +291,7 @@ impl BenchShell {
data: impl BorshSerialize,
shielded: Option<Transaction>,
extra_sections: Option<Vec<Section>>,
signer: Option<&SecretKey>,
signers: Vec<&SecretKey>,
) -> Tx {
let mut tx =
Tx::from_type(namada::types::transaction::TxType::Decrypted(
Expand Down Expand Up @@ -320,7 +320,7 @@ impl BenchShell {
}
}

if let Some(signer) = signer {
for signer in signers {
tx.add_section(Section::Signature(Signature::new(
vec![tx.raw_header_hash()],
[(0, signer.clone())].into_iter().collect(),
Expand Down Expand Up @@ -893,7 +893,7 @@ impl BenchShieldedCtx {
},
shielded,
None,
Some(&defaults::albert_keypair()),
vec![&defaults::albert_keypair()],
)
}
}
35 changes: 32 additions & 3 deletions apps/src/lib/client/tx.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,9 @@ use rand::rngs::OsRng;
use super::rpc;
use crate::cli::{args, safe_exit};
use crate::client::rpc::query_wasm_code_hash;
use crate::client::tx::signing::{default_sign, SigningTxData};
use crate::client::tx::signing::{
default_sign, init_validator_signing_data, SigningTxData,
};
use crate::client::tx::tx::ProcessTxResponse;
use crate::config::TendermintMode;
use crate::facade::tendermint_rpc::endpoint::broadcast::tx_sync::Response;
Expand Down Expand Up @@ -363,6 +365,7 @@ pub async fn submit_init_validator<'a>(

let validator_key_alias = format!("{}-key", alias);
let consensus_key_alias = format!("{}-consensus-key", alias);
let protocol_key_alias = format!("{}-protocol-key", alias);

let threshold = match threshold {
Some(threshold) => threshold,
Expand Down Expand Up @@ -477,7 +480,25 @@ pub async fn submit_init_validator<'a>(
scheme,
)
.unwrap();
let protocol_key = validator_keys.get_protocol_keypair().ref_to();
let protocol_sk = validator_keys.get_protocol_keypair();
let protocol_key = protocol_sk.to_public();

// Store the protocol key in the wallet so that we can sign the tx with it
// to verify ownership
display_line!(namada.io(), "Storing protocol key in the wallet...");
let password = read_and_confirm_encryption_password(unsafe_dont_encrypt);
namada
.wallet_mut()
.await
.insert_keypair(
protocol_key_alias,
tx_args.wallet_alias_force,
protocol_sk.clone(),
password,
None,
None,
)
.map_err(|err| error::Error::Other(err.to_string()))?;

let validator_vp_code_hash =
query_wasm_code_hash(namada, validator_vp_code_path.to_str().unwrap())
Expand Down Expand Up @@ -546,9 +567,17 @@ pub async fn submit_init_validator<'a>(
validator_vp_code_hash: extra_section_hash,
};

// Put together all the PKs that we have to sign with to verify ownership
let mut all_pks = data.account_keys.clone();
all_pks.push(consensus_key.to_public());
all_pks.push(eth_cold_pk);
all_pks.push(eth_hot_pk);
all_pks.push(data.protocol_key.clone());

tx.add_code_from_hash(tx_code_hash).add_data(data);

let signing_data = aux_signing_data(namada, &tx_args, None, None).await?;
let signing_data =
init_validator_signing_data(namada, &tx_args, all_pks).await?;

tx::prepare_tx(
namada,
Expand Down
9 changes: 7 additions & 2 deletions benches/host_env.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ fn tx_section_signature_validation(c: &mut Criterion) {
transfer_data,
None,
None,
Some(&defaults::albert_keypair()),
vec![&defaults::albert_keypair()],
);
let section_hash = tx.header_hash();

Expand All @@ -48,7 +48,12 @@ fn tx_section_signature_validation(c: &mut Criterion) {
c.bench_function("tx_section_signature_validation", |b| {
b.iter(|| {
multisig
.verify_signature(&mut HashSet::new(), &pkim, &None, &mut None)
.verify_signature(
&mut HashSet::new(),
&pkim,
&None,
&mut || Ok(()),
)
.unwrap()
})
});
Expand Down
20 changes: 10 additions & 10 deletions benches/native_vps.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,7 @@ fn governance(c: &mut Criterion) {
},
None,
None,
Some(&defaults::albert_keypair()),
vec![&defaults::albert_keypair()],
)
}
"validator_vote" => {
Expand All @@ -99,7 +99,7 @@ fn governance(c: &mut Criterion) {
},
None,
None,
Some(&defaults::validator_keypair()),
vec![&defaults::albert_keypair()],
)
}
"minimal_proposal" => {
Expand All @@ -126,7 +126,7 @@ fn governance(c: &mut Criterion) {
},
None,
Some(vec![content_section]),
Some(&defaults::albert_keypair()),
vec![&defaults::albert_keypair()],
)
}
"complete_proposal" => {
Expand Down Expand Up @@ -178,7 +178,7 @@ fn governance(c: &mut Criterion) {
},
None,
Some(vec![content_section, wasm_code_section]),
Some(&defaults::albert_keypair()),
vec![&defaults::albert_keypair()],
)
}
_ => panic!("Unexpected bench test"),
Expand Down Expand Up @@ -418,7 +418,7 @@ fn vp_multitoken(c: &mut Criterion) {
},
None,
None,
Some(&defaults::albert_keypair()),
vec![&defaults::albert_keypair()],
);

for (signed_tx, bench_name) in [foreign_key_write, transfer]
Expand Down Expand Up @@ -490,7 +490,7 @@ fn pgf(c: &mut Criterion) {
defaults::albert_address(),
None,
None,
Some(&defaults::albert_keypair()),
vec![&defaults::albert_keypair()],
),
"steward_inflation_rate" => {
let data =
Expand All @@ -506,7 +506,7 @@ fn pgf(c: &mut Criterion) {
data,
None,
None,
Some(&defaults::albert_keypair()),
vec![&defaults::albert_keypair()],
)
}
_ => panic!("Unexpected bench test"),
Expand Down Expand Up @@ -578,7 +578,7 @@ fn eth_bridge_nut(c: &mut Criterion) {
data,
None,
None,
Some(&defaults::albert_keypair()),
vec![&defaults::albert_keypair()],
)
};

Expand Down Expand Up @@ -647,7 +647,7 @@ fn eth_bridge(c: &mut Criterion) {
data,
None,
None,
Some(&defaults::albert_keypair()),
vec![&defaults::albert_keypair()],
)
};

Expand Down Expand Up @@ -744,7 +744,7 @@ fn eth_bridge_pool(c: &mut Criterion) {
data,
None,
None,
Some(&defaults::albert_keypair()),
vec![&defaults::albert_keypair()],
)
};

Expand Down
2 changes: 1 addition & 1 deletion benches/process_wrapper.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ fn process_tx(c: &mut Criterion) {
},
None,
None,
Some(&defaults::albert_keypair()),
vec![&defaults::albert_keypair()],
);

tx.update_header(namada::types::transaction::TxType::Wrapper(Box::new(
Expand Down
Loading
Loading