Implement slot decryption signatures

Author: jannikluhn

rolling-shutter/keyperimpl/gnosis/handlers.go

@@ -14,6 +14,7 @@ import (
 	obskeyperdatabase "github.com/shutter-network/rolling-shutter/rolling-shutter/chainobserver/db/keyper"
 	corekeyperdatabase "github.com/shutter-network/rolling-shutter/rolling-shutter/keyper/database"
 	"github.com/shutter-network/rolling-shutter/rolling-shutter/keyperimpl/gnosis/database"
+	"github.com/shutter-network/rolling-shutter/rolling-shutter/medley/identitypreimage"
 	"github.com/shutter-network/rolling-shutter/rolling-shutter/p2pmsg"
 	"github.com/shutter-network/rolling-shutter/rolling-shutter/shdb"
 )
@@ -26,7 +27,7 @@ func (h *DecryptionKeySharesHandler) MessagePrototypes() []p2pmsg.Message {
 	return []p2pmsg.Message{&p2pmsg.DecryptionKeyShares{}}
 }
 
-func (h *DecryptionKeySharesHandler) ValidateMessage(_ context.Context, msg p2pmsg.Message) (pubsub.ValidationResult, error) {
+func (h *DecryptionKeySharesHandler) ValidateMessage(ctx context.Context, msg p2pmsg.Message) (pubsub.ValidationResult, error) {
 	keyShares := msg.(*p2pmsg.DecryptionKeyShares)
 	extra, ok := keyShares.Extra.(*p2pmsg.DecryptionKeyShares_Gnosis)
 	if !ok {
@@ -42,7 +43,54 @@ func (h *DecryptionKeySharesHandler) ValidateMessage(_ context.Context, msg p2pm
 	if extra.Gnosis.TxPointer > math.MaxInt64 {
 		return pubsub.ValidationReject, errors.New("tx pointer too large")
 	}
-	// TODO: check signature
+
+	keyperDB := corekeyperdatabase.New(h.dbpool)
+	eon, err := keyperDB.GetEon(ctx, int64(keyShares.Eon))
+	if err != nil {
+		return pubsub.ValidationReject, errors.Wrapf(err, "failed to get eon from database for eon %d", keyShares.Eon)
+	}
+	obsKeyperDB := obskeyperdatabase.New(h.dbpool)
+	keyperSet, err := obsKeyperDB.GetKeyperSetByKeyperConfigIndex(ctx, eon.KeyperConfigIndex)
+	if err != nil {
+		return pubsub.ValidationReject, errors.Wrapf(err,
+			"failed to get keyper set from database for keyper set index %d (eon %d)",
+			eon.KeyperConfigIndex,
+			keyShares.Eon,
+		)
+	}
+	if keyShares.KeyperIndex >= uint64(len(keyperSet.Keypers)) {
+		return pubsub.ValidationReject, errors.Errorf(
+			"keyper index %d out of range for keyper set %d (eon %d)",
+			keyShares.KeyperIndex,
+			eon.KeyperConfigIndex,
+			keyShares.Eon,
+		)
+	}
+	keyperAddressStr := keyperSet.Keypers[keyShares.KeyperIndex]
+	keyperAddress, err := shdb.DecodeAddress(keyperAddressStr)
+	if err != nil {
+		return pubsub.ValidationReject, errors.Wrap(err, "failed to decode keyper address from database")
+	}
+
+	identityPreimages := []identitypreimage.IdentityPreimage{}
+	for _, share := range keyShares.Shares {
+		identityPreimage := identitypreimage.IdentityPreimage(share.EpochID)
+		identityPreimages = append(identityPreimages, identityPreimage)
+	}
+	slotDecryptionSignatureData := SlotDecryptionSignatureData{
+		InstanceID:        keyShares.InstanceID,
+		Eon:               keyShares.Eon,
+		Slot:              extra.Gnosis.Slot,
+		TxPointer:         extra.Gnosis.TxPointer,
+		IdentityPreimages: identityPreimages,
+	}
+	signatureValid, err := CheckSlotDecryptionSignature(&slotDecryptionSignatureData, extra.Gnosis.Signature, keyperAddress)
+	if err != nil {
+		return pubsub.ValidationReject, errors.Wrap(err, "failed to check slot decryption signature")
+	}
+	if !signatureValid {
+		return pubsub.ValidationReject, errors.New("slot decryption signature invalid")
+	}
 
 	return pubsub.ValidationAccept, nil
 }
@@ -193,7 +241,29 @@ func (h *DecryptionKeysHandler) ValidateMessage(ctx context.Context, msg p2pmsg.
 		signers = append(signers, signer)
 	}
 
-	// TODO: check signatures
+	identityPreimages := []identitypreimage.IdentityPreimage{}
+	for _, key := range keys.Keys {
+		identityPreimage := identitypreimage.IdentityPreimage(key.Identity)
+		identityPreimages = append(identityPreimages, identityPreimage)
+	}
+	slotDecryptionSignatureData := SlotDecryptionSignatureData{
+		InstanceID:        keys.InstanceID,
+		Eon:               keys.Eon,
+		Slot:              extra.Gnosis.Slot,
+		TxPointer:         extra.Gnosis.TxPointer,
+		IdentityPreimages: identityPreimages,
+	}
+	for signatureIndex := 0; signatureIndex < len(extra.Gnosis.Signatures); signatureIndex++ {
+		signature := extra.Gnosis.Signatures[signatureIndex]
+		signer := signers[signatureIndex]
+		signatureValid, err := CheckSlotDecryptionSignature(&slotDecryptionSignatureData, signature, signer)
+		if err != nil {
+			return pubsub.ValidationReject, errors.Wrap(err, "failed to check slot decryption signature")
+		}
+		if !signatureValid {
+			return pubsub.ValidationReject, errors.New("slot decryption signature invalid")
+		}
+	}
 
 	return pubsub.ValidationAccept, nil
 }

rolling-shutter/keyperimpl/gnosis/keyper.go

@@ -72,7 +72,7 @@ func (kpr *Keyper) Start(ctx context.Context, runner service.Runner) error {
 	}
 	messageSender.AddMessageHandler(&DecryptionKeySharesHandler{kpr.dbpool})
 	messageSender.AddMessageHandler(&DecryptionKeysHandler{kpr.dbpool})
-	messagingMiddleware := NewMessagingMiddleware(messageSender, kpr.dbpool)
+	messagingMiddleware := NewMessagingMiddleware(messageSender, kpr.dbpool, kpr.config)
 
 	kpr.core, err = keyper.New(
 		&kprconfig.Config{

rolling-shutter/keyperimpl/gnosis/messagingmiddleware.go

@@ -14,13 +14,15 @@ import (
 	obskeyperdatabase "github.com/shutter-network/rolling-shutter/rolling-shutter/chainobserver/db/keyper"
 	corekeyperdatabase "github.com/shutter-network/rolling-shutter/rolling-shutter/keyper/database"
 	"github.com/shutter-network/rolling-shutter/rolling-shutter/keyperimpl/gnosis/database"
+	"github.com/shutter-network/rolling-shutter/rolling-shutter/medley/identitypreimage"
 	"github.com/shutter-network/rolling-shutter/rolling-shutter/medley/retry"
 	"github.com/shutter-network/rolling-shutter/rolling-shutter/medley/service"
 	"github.com/shutter-network/rolling-shutter/rolling-shutter/p2p"
 	"github.com/shutter-network/rolling-shutter/rolling-shutter/p2pmsg"
 )
 
 type MessagingMiddleware struct {
+	config    *Config
 	messaging p2p.Messaging
 	dbpool    *pgxpool.Pool
 }
@@ -56,8 +58,8 @@ func (h *WrappedMessageHandler) HandleMessage(ctx context.Context, msg p2pmsg.Me
 	return replacedMsgs, nil
 }
 
-func NewMessagingMiddleware(messaging p2p.Messaging, dbpool *pgxpool.Pool) *MessagingMiddleware {
-	return &MessagingMiddleware{messaging: messaging, dbpool: dbpool}
+func NewMessagingMiddleware(messaging p2p.Messaging, dbpool *pgxpool.Pool, config *Config) *MessagingMiddleware {
+	return &MessagingMiddleware{messaging: messaging, dbpool: dbpool, config: config}
 }
 
 func (i *MessagingMiddleware) Start(_ context.Context, runner service.Runner) error {
@@ -133,7 +135,22 @@ func (i *MessagingMiddleware) interceptDecryptionKeyShares(
 		return nil, nil
 	}
 
-	signature := []byte("signed")
+	identityPreimages := []identitypreimage.IdentityPreimage{}
+	for _, share := range originalMsg.Shares {
+		identityPreimages = append(identityPreimages, identitypreimage.IdentityPreimage(share.EpochID))
+	}
+	slotDecryptionSignatureData := SlotDecryptionSignatureData{
+		InstanceID:        i.config.InstanceID,
+		Eon:               originalMsg.Eon,
+		Slot:              uint64(currentDecryptionTrigger.Block),
+		TxPointer:         uint64(currentDecryptionTrigger.TxPointer),
+		IdentityPreimages: identityPreimages,
+	}
+	signature, err := ComputeSlotDecryptionSignature(&slotDecryptionSignatureData, i.config.Gnosis.PrivateKey.Key)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to compute slot decryption signature")
+	}
+
 	err = queries.InsertSlotDecryptionSignature(ctx, database.InsertSlotDecryptionSignatureParams{
 		Eon:            currentDecryptionTrigger.Eon,
 		Block:          currentDecryptionTrigger.Block,
@@ -155,7 +172,7 @@ func (i *MessagingMiddleware) interceptDecryptionKeyShares(
 		Gnosis: &p2pmsg.GnosisDecryptionKeySharesExtra{
 			Slot:      uint64(currentDecryptionTrigger.Block),
 			TxPointer: uint64(currentDecryptionTrigger.TxPointer),
-			Signature: []byte("signed"),
+			Signature: signature,
 		},
 	}
 	return msg, nil

rolling-shutter/keyperimpl/gnosis/slotdecryptionsignatures.go

@@ -0,0 +1,51 @@
+package gnosis
+
+import (
+	"bytes"
+	"crypto/ecdsa"
+	"encoding/binary"
+
+	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/crypto"
+
+	"github.com/shutter-network/rolling-shutter/rolling-shutter/medley/identitypreimage"
+)
+
+type SlotDecryptionSignatureData struct {
+	InstanceID        uint64
+	Eon               uint64
+	Slot              uint64
+	TxPointer         uint64
+	IdentityPreimages []identitypreimage.IdentityPreimage
+}
+
+func HashSlotDecryptionSignatureData(data *SlotDecryptionSignatureData) common.Hash {
+	// all fields are fixed size and identity preimages are ordered, so there is no malleability if we just append all fields
+	buf := new(bytes.Buffer)
+	_ = binary.Write(buf, binary.BigEndian, data.InstanceID)
+	_ = binary.Write(buf, binary.BigEndian, data.Eon)
+	_ = binary.Write(buf, binary.BigEndian, data.Slot)
+	_ = binary.Write(buf, binary.BigEndian, data.TxPointer)
+	for _, preimage := range data.IdentityPreimages {
+		_ = binary.Write(buf, binary.BigEndian, preimage)
+	}
+	return crypto.Keccak256Hash(buf.Bytes())
+}
+
+func ComputeSlotDecryptionSignature(
+	data *SlotDecryptionSignatureData,
+	key *ecdsa.PrivateKey,
+) ([]byte, error) {
+	h := HashSlotDecryptionSignatureData(data)
+	return crypto.Sign(h.Bytes(), key)
+}
+
+func CheckSlotDecryptionSignature(data *SlotDecryptionSignatureData, signature []byte, address common.Address) (bool, error) {
+	h := HashSlotDecryptionSignatureData(data)
+	signerPubkey, err := crypto.SigToPub(h.Bytes(), signature)
+	if err != nil {
+		return false, err
+	}
+	signerAddress := crypto.PubkeyToAddress(*signerPubkey)
+	return signerAddress == address, nil
+}