antimev: ensure decrypted tx hash matches Envelope's data

Otherwise decrypted transaction is invalid and must not be accepted.

Signed-off-by: Anna Shaleva <[email protected]>

Author: AnnaShaleva

antimev/envelope.go

@@ -51,3 +51,10 @@ func IsEnvelope(tx *types.Transaction) bool {
 
 	return true
 }
+
+// GetEncryptedHash returns the hash of inner encrypted transaction specified in an
+// unencrypted part of Envelope data. Passing non-Envelope as an argument is a no-op.
+func GetEncryptedHash(envelope *types.Transaction) common.Hash {
+	hashOffset := EncryptedDataPrefixLen + EncryptedDataRoundLen
+	return common.Hash(envelope.Data()[hashOffset : hashOffset+EncryptedDataHashLen])
+}

consensus/dbft/dbft.go

@@ -1257,6 +1257,12 @@ func (c *DBFT) validateDecryptedTx(head *types.Header, decryptedTx *types.Transa
 		return fmt.Errorf("decryptedTx from mismatch: decryptedFrom %v, envelopeFrom %v", decryptedFrom, envelopeFrom)
 	}
 
+	// Ensure decrypted hash matches the one specified in an unencrypted part of Envelope data.
+	expectedH := antimev.GetEncryptedHash(envelope)
+	if decryptedTx.Hash().Cmp(expectedH) != 0 {
+		return fmt.Errorf("decryptedTx hash mismatch: expected %s, got %s", expectedH, decryptedTx.Hash())
+	}
+
 	return nil
 }
 

internal/ethapi/api.go

@@ -1893,8 +1893,7 @@ func SubmitTransaction(ctx context.Context, b Backend, tx *types.Transaction) (c
 
 	// If the transaction is an antimev envelope, then return the declared transaction hash instead of its own.
 	if antimev.IsEnvelope(tx) {
-		hashOffSet := antimev.EncryptedDataPrefixLen + antimev.EncryptedDataRoundLen
-		return common.Hash(tx.Data()[hashOffSet : hashOffSet+antimev.EncryptedDataHashLen]), nil
+		return antimev.GetEncryptedHash(tx), nil
 	} else {
 		return tx.Hash(), nil
 	}