cosmos-sdk/x/auth/tx/sigs.go

package tx

import (
	"fmt"

	"github.com/cosmos/cosmos-sdk/codec"

	"github.com/cosmos/cosmos-sdk/crypto/types"
	"github.com/cosmos/cosmos-sdk/types/tx"
	"github.com/cosmos/cosmos-sdk/types/tx/signing"
)

// SignatureDataToModeInfoAndSig converts a SignatureData to a ModeInfo and raw bytes signature
func SignatureDataToModeInfoAndSig(data signing.SignatureData) (*tx.ModeInfo, []byte) {
	if data == nil {
		return nil, nil
	}

	switch data := data.(type) {
	case *signing.SingleSignatureData:
		return &tx.ModeInfo{
			Sum: &tx.ModeInfo_Single_{
				Single: &tx.ModeInfo_Single{Mode: data.SignMode},
			},
		}, data.Signature
	case *signing.MultiSignatureData:
		n := len(data.Signatures)
		modeInfos := make([]*tx.ModeInfo, n)
		sigs := make([][]byte, n)

		for i, d := range data.Signatures {
			modeInfos[i], sigs[i] = SignatureDataToModeInfoAndSig(d)
		}

		multisig := types.MultiSignature{
			Signatures: sigs,
		}
		sig, err := multisig.Marshal()
		if err != nil {
			panic(err)
		}

		return &tx.ModeInfo{
			Sum: &tx.ModeInfo_Multi_{
				Multi: &tx.ModeInfo_Multi{
					Bitarray:  data.BitArray,
					ModeInfos: modeInfos,
				},
			},
		}, sig
	default:
		panic(fmt.Sprintf("unexpected signature data type %T", data))
	}
}

// ModeInfoAndSigToSignatureData converts a ModeInfo and raw bytes signature to a SignatureData or returns
// an error
func ModeInfoAndSigToSignatureData(modeInfo *tx.ModeInfo, sig []byte) (signing.SignatureData, error) {
	switch modeInfo := modeInfo.Sum.(type) {
	case *tx.ModeInfo_Single_:
		return &signing.SingleSignatureData{
			SignMode:  modeInfo.Single.Mode,
			Signature: sig,
		}, nil

	case *tx.ModeInfo_Multi_:
		multi := modeInfo.Multi

		sigs, err := decodeMultisignatures(sig)
		if err != nil {
			return nil, err
		}

		sigv2s := make([]signing.SignatureData, len(sigs))
		for i, mi := range multi.ModeInfos {
			sigv2s[i], err = ModeInfoAndSigToSignatureData(mi, sigs[i])
			if err != nil {
				return nil, err
			}
		}

		return &signing.MultiSignatureData{
			BitArray:   multi.Bitarray,
			Signatures: sigv2s,
		}, nil

	default:
		panic(fmt.Errorf("unexpected ModeInfo data type %T", modeInfo))
	}
}

// decodeMultisignatures safely decodes the the raw bytes as a MultiSignature protobuf message
func decodeMultisignatures(bz []byte) ([][]byte, error) {
	multisig := types.MultiSignature{}
	err := multisig.Unmarshal(bz)
	if err != nil {
		return nil, err
	}
	// NOTE: it is import to reject multi-signatures that contain unrecognized fields because this is an exploitable
	// malleability in the protobuf message. Basically an attacker could bloat a MultiSignature message with unknown
	// fields, thus bloating the transaction and causing it to fail.
	if len(multisig.XXX_unrecognized) > 0 {
		return nil, fmt.Errorf("rejecting unrecognized fields found in MultiSignature")
	}
	return multisig.Signatures, nil
}

func (g config) MarshalSignatureJSON(sigs []signing.SignatureV2) ([]byte, error) {
	descs := make([]*signing.SignatureDescriptor, len(sigs))

	for i, sig := range sigs {
		publicKey, err := g.pubkeyCodec.Encode(sig.PubKey)
		if err != nil {
			return nil, err
		}

		descData := signing.SignatureDataToProto(sig.Data)

		descs[i] = &signing.SignatureDescriptor{
			PublicKey: publicKey,
			Data:      descData,
		}
	}

	toJSON := &signing.SignatureDescriptors{Signatures: descs}

	return codec.ProtoMarshalJSON(toJSON)
}

func (g config) UnmarshalSignatureJSON(bz []byte) ([]signing.SignatureV2, error) {
	var sigDescs signing.SignatureDescriptors
	err := g.protoCodec.UnmarshalJSON(bz, &sigDescs)
	if err != nil {
		return nil, err
	}

	sigs := make([]signing.SignatureV2, len(sigDescs.Signatures))
	for i, desc := range sigDescs.Signatures {
		pubKey, err := g.pubkeyCodec.Decode(desc.PublicKey)
		if err != nil {
			return nil, err
		}

		data := signing.SignatureDataFromProto(desc.Data)

		sigs[i] = signing.SignatureV2{
			PubKey:   pubKey,
			Data:     data,
			Sequence: desc.Sequence,
		}
	}

	return sigs, nil
}
Add support for protobuf TxGenerator and SIGN_MODE_DIRECT (#6385) * Add TxWrapper, encoder, decoder and DirectModeHandler * fix pkg name * Update API and leave test TODO's * Update TxWrapper API * tests for tx wrapper (#6410) * WIP: added test for direct mode handler * updated code * Add msg * Update TxWrapper API * Fix pubkey declaration * Add pubkey for tests * Fix SetFee * Remove logs * Avoid global var declaration for tests * Add test for GetPubKeys * Fix direct signing tests * Add more test cases for GetSignBytes * Revert SetFee API * Remove logs * Refactor tests Co-authored-by: anilCSE <anil@vitwit.com> Co-authored-by: sahith-narahari <sahithnarahari@gmail.com> * Refactoring * Refactoring * Integrate SignatureV2 API * Fix wrapper tests * Fix tests * Linting and API tweaks * Update API * WIP on updating API * Fix tests * Update to new SigVerifiableTx * Rename * Update docs to reflect ADR 020 * proto-gen * proto docs * cleanup * cleanup * cleanup * cleanup * cleanup * cleanup * cleanup * Add tests * Refactor and improving test coverage * WIP on test coverage * WIP on test coverage * proto-gen * Fix CompactBitArray.Size() bug * Rename * Remove Builder interface * Address review comments * Update x/auth/tx/sigs.go Co-authored-by: Federico Kunze <31522760+fedekunze@users.noreply.github.com> * Update x/auth/tx/encoder.go Co-authored-by: Federico Kunze <31522760+fedekunze@users.noreply.github.com> * Update x/auth/tx/encoder.go Co-authored-by: Federico Kunze <31522760+fedekunze@users.noreply.github.com> * Address review feedback * Fix build issues * Resolve conflicts * Fix ValidateBasic test coverage * Add test for malicious multisig Co-authored-by: atheeshp <59333759+atheeshp@users.noreply.github.com> Co-authored-by: anilCSE <anil@vitwit.com> Co-authored-by: sahith-narahari <sahithnarahari@gmail.com> Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com> Co-authored-by: Federico Kunze <31522760+fedekunze@users.noreply.github.com> 2020-07-06 10:03:45 -07:00			`package tx`

			`import (`
			`"fmt"`

Update auth cli commands (#6717) * add utils * update sign cmd * update multisign cmd * update sign batch cmd * update genutil cmd * add wrap tx builder * update gentx cli * update validate sigs cmd * fix lint * add flag reader to cli * update marshaler for batchscan * add register query server * update to master * remove depricated methods * fix keyring issue * update wraptx * Fix batch scan * fix register interfaces issue * update printOutput * Update Validate Sigs test * WIP on signature JSON * Cleanup * Cleanup * Test fixes * Test fixes * Fixes * WIP on tests * Fix gov tests * fix lint * fix MultiSign tests * fix tests * refactor tests * Cleanup * Address review comments * Update encode * Test fix * Rename SignData func * Fix lint * Fix lint * Revert ReadTxCommandFlags Co-authored-by: Aaron Craelius <aaron@regen.network> Co-authored-by: Aaron Craelius <aaronc@users.noreply.github.com> 2020-07-29 15:33:42 -07:00			`"github.com/cosmos/cosmos-sdk/codec"`

Add support for protobuf TxGenerator and SIGN_MODE_DIRECT (#6385) * Add TxWrapper, encoder, decoder and DirectModeHandler * fix pkg name * Update API and leave test TODO's * Update TxWrapper API * tests for tx wrapper (#6410) * WIP: added test for direct mode handler * updated code * Add msg * Update TxWrapper API * Fix pubkey declaration * Add pubkey for tests * Fix SetFee * Remove logs * Avoid global var declaration for tests * Add test for GetPubKeys * Fix direct signing tests * Add more test cases for GetSignBytes * Revert SetFee API * Remove logs * Refactor tests Co-authored-by: anilCSE <anil@vitwit.com> Co-authored-by: sahith-narahari <sahithnarahari@gmail.com> * Refactoring * Refactoring * Integrate SignatureV2 API * Fix wrapper tests * Fix tests * Linting and API tweaks * Update API * WIP on updating API * Fix tests * Update to new SigVerifiableTx * Rename * Update docs to reflect ADR 020 * proto-gen * proto docs * cleanup * cleanup * cleanup * cleanup * cleanup * cleanup * cleanup * Add tests * Refactor and improving test coverage * WIP on test coverage * WIP on test coverage * proto-gen * Fix CompactBitArray.Size() bug * Rename * Remove Builder interface * Address review comments * Update x/auth/tx/sigs.go Co-authored-by: Federico Kunze <31522760+fedekunze@users.noreply.github.com> * Update x/auth/tx/encoder.go Co-authored-by: Federico Kunze <31522760+fedekunze@users.noreply.github.com> * Update x/auth/tx/encoder.go Co-authored-by: Federico Kunze <31522760+fedekunze@users.noreply.github.com> * Address review feedback * Fix build issues * Resolve conflicts * Fix ValidateBasic test coverage * Add test for malicious multisig Co-authored-by: atheeshp <59333759+atheeshp@users.noreply.github.com> Co-authored-by: anilCSE <anil@vitwit.com> Co-authored-by: sahith-narahari <sahithnarahari@gmail.com> Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com> Co-authored-by: Federico Kunze <31522760+fedekunze@users.noreply.github.com> 2020-07-06 10:03:45 -07:00			`"github.com/cosmos/cosmos-sdk/crypto/types"`
			`"github.com/cosmos/cosmos-sdk/types/tx"`
			`"github.com/cosmos/cosmos-sdk/types/tx/signing"`
			`)`

			`// SignatureDataToModeInfoAndSig converts a SignatureData to a ModeInfo and raw bytes signature`
			`func SignatureDataToModeInfoAndSig(data signing.SignatureData) (*tx.ModeInfo, []byte) {`
			`if data == nil {`
			`return nil, nil`
			`}`

			`switch data := data.(type) {`
			`case *signing.SingleSignatureData:`
			`return &tx.ModeInfo{`
			`Sum: &tx.ModeInfo_Single_{`
			`Single: &tx.ModeInfo_Single{Mode: data.SignMode},`
			`},`
			`}, data.Signature`
			`case *signing.MultiSignatureData:`
			`n := len(data.Signatures)`
			`modeInfos := make([]*tx.ModeInfo, n)`
			`sigs := make([][]byte, n)`

			`for i, d := range data.Signatures {`
			`modeInfos[i], sigs[i] = SignatureDataToModeInfoAndSig(d)`
			`}`

			`multisig := types.MultiSignature{`
			`Signatures: sigs,`
			`}`
			`sig, err := multisig.Marshal()`
			`if err != nil {`
			`panic(err)`
			`}`

			`return &tx.ModeInfo{`
			`Sum: &tx.ModeInfo_Multi_{`
			`Multi: &tx.ModeInfo_Multi{`
			`Bitarray: data.BitArray,`
			`ModeInfos: modeInfos,`
			`},`
			`},`
			`}, sig`
			`default:`
			`panic(fmt.Sprintf("unexpected signature data type %T", data))`
			`}`
			`}`

			`// ModeInfoAndSigToSignatureData converts a ModeInfo and raw bytes signature to a SignatureData or returns`
			`// an error`
			`func ModeInfoAndSigToSignatureData(modeInfo *tx.ModeInfo, sig []byte) (signing.SignatureData, error) {`
			`switch modeInfo := modeInfo.Sum.(type) {`
			`case *tx.ModeInfo_Single_:`
			`return &signing.SingleSignatureData{`
			`SignMode: modeInfo.Single.Mode,`
			`Signature: sig,`
			`}, nil`

			`case *tx.ModeInfo_Multi_:`
			`multi := modeInfo.Multi`

			`sigs, err := decodeMultisignatures(sig)`
			`if err != nil {`
			`return nil, err`
			`}`

			`sigv2s := make([]signing.SignatureData, len(sigs))`
			`for i, mi := range multi.ModeInfos {`
			`sigv2s[i], err = ModeInfoAndSigToSignatureData(mi, sigs[i])`
			`if err != nil {`
			`return nil, err`
			`}`
			`}`

			`return &signing.MultiSignatureData{`
			`BitArray: multi.Bitarray,`
			`Signatures: sigv2s,`
			`}, nil`

			`default:`
			`panic(fmt.Errorf("unexpected ModeInfo data type %T", modeInfo))`
			`}`
			`}`

			`// decodeMultisignatures safely decodes the the raw bytes as a MultiSignature protobuf message`
			`func decodeMultisignatures(bz []byte) ([][]byte, error) {`
			`multisig := types.MultiSignature{}`
			`err := multisig.Unmarshal(bz)`
			`if err != nil {`
			`return nil, err`
			`}`
			`// NOTE: it is import to reject multi-signatures that contain unrecognized fields because this is an exploitable`
			`// malleability in the protobuf message. Basically an attacker could bloat a MultiSignature message with unknown`
			`// fields, thus bloating the transaction and causing it to fail.`
			`if len(multisig.XXX_unrecognized) > 0 {`
			`return nil, fmt.Errorf("rejecting unrecognized fields found in MultiSignature")`
			`}`
			`return multisig.Signatures, nil`
			`}`
Update auth cli commands (#6717) * add utils * update sign cmd * update multisign cmd * update sign batch cmd * update genutil cmd * add wrap tx builder * update gentx cli * update validate sigs cmd * fix lint * add flag reader to cli * update marshaler for batchscan * add register query server * update to master * remove depricated methods * fix keyring issue * update wraptx * Fix batch scan * fix register interfaces issue * update printOutput * Update Validate Sigs test * WIP on signature JSON * Cleanup * Cleanup * Test fixes * Test fixes * Fixes * WIP on tests * Fix gov tests * fix lint * fix MultiSign tests * fix tests * refactor tests * Cleanup * Address review comments * Update encode * Test fix * Rename SignData func * Fix lint * Fix lint * Revert ReadTxCommandFlags Co-authored-by: Aaron Craelius <aaron@regen.network> Co-authored-by: Aaron Craelius <aaronc@users.noreply.github.com> 2020-07-29 15:33:42 -07:00
Reject unknown fields in TxDecoder and sign mode handlers (#6883) * WIP on unknown field rejection in TxDecoder * WIP on unknown field rejection in TxDecoder * WIP * WIP * WIP * WIP * Fix bugs with RejectUnknownFields * Fix tests * Fix bug and update docs * Lint * Add tests * Add unknown field tests * Lint * Address review comments 2020-08-03 12:47:25 -07:00			`func (g config) MarshalSignatureJSON(sigs []signing.SignatureV2) ([]byte, error) {`
Update auth cli commands (#6717) * add utils * update sign cmd * update multisign cmd * update sign batch cmd * update genutil cmd * add wrap tx builder * update gentx cli * update validate sigs cmd * fix lint * add flag reader to cli * update marshaler for batchscan * add register query server * update to master * remove depricated methods * fix keyring issue * update wraptx * Fix batch scan * fix register interfaces issue * update printOutput * Update Validate Sigs test * WIP on signature JSON * Cleanup * Cleanup * Test fixes * Test fixes * Fixes * WIP on tests * Fix gov tests * fix lint * fix MultiSign tests * fix tests * refactor tests * Cleanup * Address review comments * Update encode * Test fix * Rename SignData func * Fix lint * Fix lint * Revert ReadTxCommandFlags Co-authored-by: Aaron Craelius <aaron@regen.network> Co-authored-by: Aaron Craelius <aaronc@users.noreply.github.com> 2020-07-29 15:33:42 -07:00			`descs := make([]*signing.SignatureDescriptor, len(sigs))`

			`for i, sig := range sigs {`
			`publicKey, err := g.pubkeyCodec.Encode(sig.PubKey)`
			`if err != nil {`
			`return nil, err`
			`}`

			`descData := signing.SignatureDataToProto(sig.Data)`

			`descs[i] = &signing.SignatureDescriptor{`
			`PublicKey: publicKey,`
			`Data: descData,`
			`}`
			`}`

			`toJSON := &signing.SignatureDescriptors{Signatures: descs}`

			`return codec.ProtoMarshalJSON(toJSON)`
			`}`

Reject unknown fields in TxDecoder and sign mode handlers (#6883) * WIP on unknown field rejection in TxDecoder * WIP on unknown field rejection in TxDecoder * WIP * WIP * WIP * WIP * Fix bugs with RejectUnknownFields * Fix tests * Fix bug and update docs * Lint * Add tests * Add unknown field tests * Lint * Address review comments 2020-08-03 12:47:25 -07:00			`func (g config) UnmarshalSignatureJSON(bz []byte) ([]signing.SignatureV2, error) {`
Update auth cli commands (#6717) * add utils * update sign cmd * update multisign cmd * update sign batch cmd * update genutil cmd * add wrap tx builder * update gentx cli * update validate sigs cmd * fix lint * add flag reader to cli * update marshaler for batchscan * add register query server * update to master * remove depricated methods * fix keyring issue * update wraptx * Fix batch scan * fix register interfaces issue * update printOutput * Update Validate Sigs test * WIP on signature JSON * Cleanup * Cleanup * Test fixes * Test fixes * Fixes * WIP on tests * Fix gov tests * fix lint * fix MultiSign tests * fix tests * refactor tests * Cleanup * Address review comments * Update encode * Test fix * Rename SignData func * Fix lint * Fix lint * Revert ReadTxCommandFlags Co-authored-by: Aaron Craelius <aaron@regen.network> Co-authored-by: Aaron Craelius <aaronc@users.noreply.github.com> 2020-07-29 15:33:42 -07:00			`var sigDescs signing.SignatureDescriptors`
			`err := g.protoCodec.UnmarshalJSON(bz, &sigDescs)`
			`if err != nil {`
			`return nil, err`
			`}`

			`sigs := make([]signing.SignatureV2, len(sigDescs.Signatures))`
			`for i, desc := range sigDescs.Signatures {`
			`pubKey, err := g.pubkeyCodec.Decode(desc.PublicKey)`
			`if err != nil {`
			`return nil, err`
			`}`

			`data := signing.SignatureDataFromProto(desc.Data)`

			`sigs[i] = signing.SignatureV2{`
Put AccountSequence in SignerInfo (#6997) * WIP test the grounds * Update ADR020 * Fix compile errors * Fix ADR * Make ante tests pass * Fix remaining ante handler tests * Simplify code * Fix x/bank app_test * Fix tests * Remove useless accSeq from signerdata * Fix test * Update simapp/helpers/test_helpers.go Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com> * Update simapp/helpers/test_helpers.go Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com> * Update x/auth/client/cli/tx_multisign.go Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com> * Address rewview * Update x/auth/ante/sigverify.go Co-authored-by: Simon Warta <2603011+webmaster128@users.noreply.github.com> * Update x/auth/ante/sigverify_test.go Co-authored-by: Simon Warta <2603011+webmaster128@users.noreply.github.com> * Update x/auth/tx/builder_test.go Co-authored-by: Simon Warta <2603011+webmaster128@users.noreply.github.com> * Update x/auth/tx/builder_test.go Co-authored-by: Simon Warta <2603011+webmaster128@users.noreply.github.com> * Update x/auth/tx/direct_test.go Co-authored-by: Simon Warta <2603011+webmaster128@users.noreply.github.com> * Update x/auth/tx/builder_test.go Co-authored-by: Simon Warta <2603011+webmaster128@users.noreply.github.com> * AccSeq -> Seq * Address reviews * Better variable naming * Fix variable assign * Remove old SetSignerInfo * Fix test * proto-gen * Make proto-gen * Reput gw comment * Add Changelog * Update x/bank/app_test.go Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com> * Update x/bank/app_test.go Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com> Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com> Co-authored-by: SaReN <sahithnarahari@gmail.com> Co-authored-by: Simon Warta <2603011+webmaster128@users.noreply.github.com> 2020-08-21 07:20:47 -07:00			`PubKey: pubKey,`
			`Data: data,`
			`Sequence: desc.Sequence,`
Update auth cli commands (#6717) * add utils * update sign cmd * update multisign cmd * update sign batch cmd * update genutil cmd * add wrap tx builder * update gentx cli * update validate sigs cmd * fix lint * add flag reader to cli * update marshaler for batchscan * add register query server * update to master * remove depricated methods * fix keyring issue * update wraptx * Fix batch scan * fix register interfaces issue * update printOutput * Update Validate Sigs test * WIP on signature JSON * Cleanup * Cleanup * Test fixes * Test fixes * Fixes * WIP on tests * Fix gov tests * fix lint * fix MultiSign tests * fix tests * refactor tests * Cleanup * Address review comments * Update encode * Test fix * Rename SignData func * Fix lint * Fix lint * Revert ReadTxCommandFlags Co-authored-by: Aaron Craelius <aaron@regen.network> Co-authored-by: Aaron Craelius <aaronc@users.noreply.github.com> 2020-07-29 15:33:42 -07:00			`}`
			`}`

			`return sigs, nil`
			`}`