Commit f0509a1f authored by David Vorick's avatar David Vorick

change SignBytes and VerifyBytes to SignHash and VerifyHash

parent e1006895
...@@ -82,7 +82,7 @@ func contractTxn(t *testing.T, s *State, delay BlockHeight, duration BlockHeight ...@@ -82,7 +82,7 @@ func contractTxn(t *testing.T, s *State, delay BlockHeight, duration BlockHeight
} }
txn.Signatures = append(txn.Signatures, sig) txn.Signatures = append(txn.Signatures, sig)
sigHash := txn.SigHash(0) sigHash := txn.SigHash(0)
rawSig, err := crypto.SignBytes(sigHash, sk) rawSig, err := crypto.SignHash(sigHash, sk)
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }
...@@ -168,7 +168,7 @@ func storageProofTxn(t *testing.T, s *State) (txn Transaction, cid ContractID) { ...@@ -168,7 +168,7 @@ func storageProofTxn(t *testing.T, s *State) (txn Transaction, cid ContractID) {
} }
txn.Signatures = append(txn.Signatures, sig) txn.Signatures = append(txn.Signatures, sig)
sigHash := txn.SigHash(0) sigHash := txn.SigHash(0)
rawSig, err := crypto.SignBytes(sigHash, sk) rawSig, err := crypto.SignHash(sigHash, sk)
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }
......
...@@ -12,7 +12,6 @@ import ( ...@@ -12,7 +12,6 @@ import (
// nonexistent objects in the transaction. // nonexistent objects in the transaction.
var ( var (
InvalidSignatureErr = errors.New("signature is invalid")
MissingSignaturesErr = errors.New("transaction has inputs with missing signatures") MissingSignaturesErr = errors.New("transaction has inputs with missing signatures")
) )
...@@ -175,8 +174,9 @@ func (s *State) validSignatures(t Transaction) (err error) { ...@@ -175,8 +174,9 @@ func (s *State) validSignatures(t Transaction) (err error) {
} }
sigHash := t.SigHash(i) sigHash := t.SigHash(i)
if !crypto.VerifyBytes(sigHash, decodedPK, decodedSig) { err = crypto.VerifyHash(sigHash, decodedPK, decodedSig)
return InvalidSignatureErr if err != nil {
return err
} }
default: default:
// If we don't recognize the identifier, assume that the signature // If we don't recognize the identifier, assume that the signature
......
...@@ -64,7 +64,7 @@ func signedOutputTxn(t *testing.T, s *State, algorithm Identifier) (txn Transact ...@@ -64,7 +64,7 @@ func signedOutputTxn(t *testing.T, s *State, algorithm Identifier) (txn Transact
} }
txn.Signatures = append(txn.Signatures, sig) txn.Signatures = append(txn.Signatures, sig)
sigHash := txn.SigHash(0) sigHash := txn.SigHash(0)
rawSig, err := crypto.SignBytes(sigHash, sk) rawSig, err := crypto.SignHash(sigHash, sk)
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }
...@@ -106,7 +106,7 @@ func testInvalidSignature(t *testing.T, s *State) { ...@@ -106,7 +106,7 @@ func testInvalidSignature(t *testing.T, s *State) {
t.Fatal(err) t.Fatal(err)
} }
err = s.AcceptBlock(b) err = s.AcceptBlock(b)
if err != InvalidSignatureErr { if err != crypto.ErrInvalidSignature {
t.Fatal(err) t.Fatal(err)
} }
} }
......
...@@ -21,6 +21,11 @@ type ( ...@@ -21,6 +21,11 @@ type (
Signature *[ed25519.SignatureSize]byte Signature *[ed25519.SignatureSize]byte
) )
var (
ErrNilInput = errors.New("cannot use nil input")
ErrInvalidSignature = errors.New("invalid signature")
)
// GenerateKeyPair creates a public-secret keypair that can be used to sign and // GenerateKeyPair creates a public-secret keypair that can be used to sign and
// verify messages. // verify messages.
func GenerateSignatureKeys() (sk SecretKey, pk PublicKey, err error) { func GenerateSignatureKeys() (sk SecretKey, pk PublicKey, err error) {
...@@ -31,25 +36,33 @@ func GenerateSignatureKeys() (sk SecretKey, pk PublicKey, err error) { ...@@ -31,25 +36,33 @@ func GenerateSignatureKeys() (sk SecretKey, pk PublicKey, err error) {
return return
} }
// SignBytes signs a message using a secret key. // SignHAsh signs a message using a secret key. An error is returned if the
func SignBytes(data hash.Hash, sk SecretKey) (sig Signature, err error) { // secret key is nil.
func SignHash(data hash.Hash, sk SecretKey) (sig Signature, err error) {
if sk == nil { if sk == nil {
err = errors.New("cannot sign with nil key") err = ErrNilInput
return return
} }
sig = ed25519.Sign(sk, data[:]) sig = ed25519.Sign(sk, data[:])
return return
} }
// VerifyBytes uses a public key and input data to verify a signature. // VerifyHash uses a public key and input data to verify a signature. And error
// // is returned if the public key or signature is nil.
// TODO: Switch VerifyBytes to also returning an error. func VerifyHash(data hash.Hash, pk PublicKey, sig Signature) (err error) {
func VerifyBytes(data hash.Hash, pk PublicKey, sig Signature) bool {
if pk == nil { if pk == nil {
return false err = ErrNilInput
return
} }
if sig == nil { if sig == nil {
return false err = ErrNilInput
return
} }
return ed25519.Verify(pk, data[:], sig) verifies := ed25519.Verify(pk, data[:], sig)
if !verifies {
err = ErrInvalidSignature
return
}
return
} }
...@@ -33,7 +33,7 @@ func TestSignatureEncoding(t *testing.T) { ...@@ -33,7 +33,7 @@ func TestSignatureEncoding(t *testing.T) {
// Create a signature using the secret key. // Create a signature using the secret key.
var signedData hash.Hash var signedData hash.Hash
rand.Read(signedData[:]) rand.Read(signedData[:])
sig, err := SignBytes(signedData, sk) sig, err := SignHash(signedData, sk)
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }
...@@ -59,12 +59,12 @@ func TestSigning(t *testing.T) { ...@@ -59,12 +59,12 @@ func TestSigning(t *testing.T) {
if testing.Short() { if testing.Short() {
iterations = 5 iterations = 5
} else { } else {
iterations = 500 iterations = 200
} }
// Try a bunch of signatures because at one point there was a library that // Try a bunch of signatures because at one point there was a library that
// worked around 98% of the time. Tests would usually pass, but 500 // worked around 98% of the time. Tests would usually pass, but 200
// iterations would always cause a failure. // iterations would normally cause a failure.
for i := 0; i < iterations; i++ { for i := 0; i < iterations; i++ {
// Generate the keys. // Generate the keys.
sk, pk, err := GenerateSignatureKeys() sk, pk, err := GenerateSignatureKeys()
...@@ -75,27 +75,36 @@ func TestSigning(t *testing.T) { ...@@ -75,27 +75,36 @@ func TestSigning(t *testing.T) {
// Generate and sign the data. // Generate and sign the data.
var randData hash.Hash var randData hash.Hash
rand.Read(randData[:]) rand.Read(randData[:])
sig, err := SignBytes(randData, sk) sig, err := SignHash(randData, sk)
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }
// Verify the signature. // Verify the signature.
if !VerifyBytes(randData, pk, sig) { err = VerifyHash(randData, pk, sig)
t.Fatal("Signature did not verify") if err != nil {
t.Fatal(err)
} }
// Attempt to verify after the data has been altered. // Attempt to verify after the data has been altered.
randData[0] += 1 randData[0] += 1
if VerifyBytes(randData, pk, sig) { err = VerifyHash(randData, pk, sig)
t.Fatal("Signature verified after the data was falsified") if err != ErrInvalidSignature {
t.Fatal(err)
} }
// Attempt to verify after the signature has been altered. // Restore the data and make sure the signature is valid again.
randData[0] -= 1 randData[0] -= 1
err = VerifyHash(randData, pk, sig)
if err != nil {
t.Fatal(err)
}
// Attempt to verify after the signature has been altered.
sig[0] += 1 sig[0] += 1
if VerifyBytes(randData, pk, sig) { err = VerifyHash(randData, pk, sig)
t.Fatal("Signature verified after the signature was altered") if err != ErrInvalidSignature {
t.Fatal(err)
} }
} }
...@@ -106,9 +115,9 @@ func TestSigning(t *testing.T) { ...@@ -106,9 +115,9 @@ func TestSigning(t *testing.T) {
t.Fatal(err) t.Fatal(err)
} }
var data hash.Hash var data hash.Hash
SignBytes(data, nil) SignHash(data, nil)
SignBytes(data, nil) SignHash(data, nil)
VerifyBytes(data, nil, nil) VerifyHash(data, nil, nil)
VerifyBytes(data, nil, nil) VerifyHash(data, nil, nil)
VerifyBytes(data, pk, nil) VerifyHash(data, pk, nil)
} }
...@@ -222,7 +222,7 @@ func (w *Wallet) SignTransaction(id string, wholeTransaction bool) (txn consensu ...@@ -222,7 +222,7 @@ func (w *Wallet) SignTransaction(id string, wholeTransaction bool) (txn consensu
// Get the signature. // Get the signature.
var encodedSig crypto.Signature var encodedSig crypto.Signature
encodedSig, err = crypto.SignBytes(sigHash, secKey) encodedSig, err = crypto.SignHash(sigHash, secKey)
if err != nil { if err != nil {
return return
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment