vacp2p/linea-besu
1
0
Fork 0
mirror of https://github.com/vacp2p/linea-besu.git synced 2026-01-08 20:47:59 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fix 7702 signature bound checks (#7641)

Browse Source 
* create separate signature class for code delegations as they have different bound checks

Signed-off-by: Daniel Lehrner <daniel.lehrner@consensys.net>

* test if increasing xmx let's failing acceptance test pass

Signed-off-by: Daniel Lehrner <daniel.lehrner@consensys.net>

* javadoc

Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com>

---------

Signed-off-by: Daniel Lehrner <daniel.lehrner@consensys.net>
Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com>
Co-authored-by: Sally MacFarlane <macfarla.github@gmail.com>
This commit is contained in:
daniellehrner
2024-09-20 03:56:25 +02:00
committed by GitHub
parent 25186d3221
commit cb1e36a992
8 changed files with 193 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/acceptance-tests.yml vendored
View File

@@ -11,7 +11,7 @@ concurrency:
cancel-in-progress: true
env:
GRADLE_OPTS: "-Xmx6g"
GRADLE_OPTS: "-Xmx7g"
total-runners: 12
jobs:

6
crypto/algorithms/src/main/java/org/hyperledger/besu/crypto/AbstractSECP256.java
View File

@@ -212,6 +212,12 @@ public abstract class AbstractSECP256 implements SignatureAlgorithm {
return SECPSignature.create(r, s, recId, curveOrder);
}
@Override
public CodeDelegationSignature createCodeDelegationSignature(
final BigInteger r, final BigInteger s, final long yParity) {
return CodeDelegationSignature.create(r, s, yParity);
}
@Override
public SECPSignature decodeSignature(final Bytes bytes) {
return SECPSignature.decode(bytes, curveOrder);

59
crypto/algorithms/src/main/java/org/hyperledger/besu/crypto/CodeDelegationSignature.java Normal file
View File

@@ -0,0 +1,59 @@
/*
* Copyright contributors to Hyperledger Besu.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*
* SPDX-License-Identifier: Apache-2.0
*/
package org.hyperledger.besu.crypto;
import static com.google.common.base.Preconditions.checkNotNull;
import java.math.BigInteger;
/** Secp signature with code delegation. */
public class CodeDelegationSignature extends SECPSignature {
private static final BigInteger TWO_POW_256 = BigInteger.TWO.pow(256);
/**
* Instantiates a new SECPSignature.
*
* @param r the r part of the signature
* @param s the s part of the signature
* @param yParity the parity of the y coordinate of the public key
*/
public CodeDelegationSignature(final BigInteger r, final BigInteger s, final byte yParity) {
super(r, s, yParity);
}
/**
* Create a new CodeDelegationSignature.
*
* @param r the r part of the signature
* @param s the s part of the signature
* @param yParity the parity of the y coordinate of the public key
* @return the new CodeDelegationSignature
*/
public static CodeDelegationSignature create(
final BigInteger r, final BigInteger s, final long yParity) {
checkNotNull(r);
checkNotNull(s);
if (r.compareTo(TWO_POW_256) >= 0) {
throw new IllegalArgumentException("Invalid 'r' value, should be < 2^256 but got " + r);
}
if (s.compareTo(TWO_POW_256) >= 0) {
throw new IllegalArgumentException("Invalid 's' value, should be < 2^256 but got " + s);
}
return new CodeDelegationSignature(r, s, (byte) yParity);
}
}

11
crypto/algorithms/src/main/java/org/hyperledger/besu/crypto/SignatureAlgorithm.java
View File

@@ -215,6 +215,17 @@ public interface SignatureAlgorithm {
*/
SECPSignature createSignature(final BigInteger r, final BigInteger s, final byte recId);
/**
* Create code delegation signature which have different bounds than transaction signatures.
*
* @param r the r part of the signature
* @param s the s part of the signature
* @param yParity the parity of the y coordinate of the public key
* @return the code delegation signature
*/
CodeDelegationSignature createCodeDelegationSignature(
final BigInteger r, final BigInteger s, final long yParity);
/**
* Decode secp signature.
*

93
crypto/algorithms/src/test/java/org/hyperledger/besu/crypto/CodeDelegationSignatureTest.java Normal file
View File

@@ -0,0 +1,93 @@
/*
* Copyright contributors to Hyperledger Besu.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*
* SPDX-License-Identifier: Apache-2.0
*/
package org.hyperledger.besu.crypto;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import java.math.BigInteger;
import org.junit.jupiter.api.Test;
class CodeDelegationSignatureTest {
private static final BigInteger TWO_POW_256 = BigInteger.valueOf(2).pow(256);
@Test
void testValidInputs() {
BigInteger r = BigInteger.ONE;
BigInteger s = BigInteger.TEN;
long yParity = 1L;
CodeDelegationSignature result = CodeDelegationSignature.create(r, s, yParity);
assertThat(r).isEqualTo(result.getR());
assertThat(s).isEqualTo(result.getS());
assertThat((byte) yParity).isEqualTo(result.getRecId());
}
@Test
void testNullRValue() {
BigInteger s = BigInteger.TEN;
long yParity = 0L;
assertThatExceptionOfType(NullPointerException.class)
.isThrownBy(() -> CodeDelegationSignature.create(null, s, yParity));
}
@Test
void testNullSValue() {
BigInteger r = BigInteger.ONE;
long yParity = 0L;
assertThatExceptionOfType(NullPointerException.class)
.isThrownBy(() -> CodeDelegationSignature.create(r, null, yParity));
}
@Test
void testRValueExceedsTwoPow256() {
BigInteger r = TWO_POW_256;
BigInteger s = BigInteger.TEN;
long yParity = 0L;
assertThatExceptionOfType(IllegalArgumentException.class)
.isThrownBy(() -> CodeDelegationSignature.create(r, s, yParity))
.withMessageContainingAll("Invalid 'r' value, should be < 2^256");
}
@Test
void testSValueExceedsTwoPow256() {
BigInteger r = BigInteger.ONE;
BigInteger s = TWO_POW_256;
long yParity = 0L;
assertThatExceptionOfType(IllegalArgumentException.class)
.isThrownBy(() -> CodeDelegationSignature.create(r, s, yParity))
.withMessageContainingAll("Invalid 's' value, should be < 2^256");
}
@Test
void testValidYParityZero() {
BigInteger r = BigInteger.ONE;
BigInteger s = BigInteger.TEN;
long yParity = 0L;
CodeDelegationSignature result = CodeDelegationSignature.create(r, s, yParity);
assertThat(r).isEqualTo(result.getR());
assertThat(s).isEqualTo(result.getS());
assertThat((byte) yParity).isEqualTo(result.getRecId());
}
}

5
ethereum/core/src/main/java/org/hyperledger/besu/ethereum/core/encoding/CodeDelegationTransactionDecoder.java
View File

@@ -81,13 +81,14 @@ public class CodeDelegationTransactionDecoder {
final Address address = Address.wrap(input.readBytes());
final long nonce = input.readLongScalar();
final byte yParity = (byte) input.readUnsignedByteScalar();
final long yParity = input.readUnsignedIntScalar();
final BigInteger r = input.readUInt256Scalar().toUnsignedBigInteger();
final BigInteger s = input.readUInt256Scalar().toUnsignedBigInteger();
input.leaveList();
final SECPSignature signature = SIGNATURE_ALGORITHM.get().createSignature(r, s, yParity);
final SECPSignature signature =
SIGNATURE_ALGORITHM.get().createCodeDelegationSignature(r, s, yParity);
return new org.hyperledger.besu.ethereum.core.CodeDelegation(
chainId, address, nonce, signature);

8
ethereum/core/src/main/java/org/hyperledger/besu/ethereum/mainnet/MainnetTransactionValidator.java
View File

@@ -52,6 +52,8 @@ import org.bouncycastle.crypto.digests.SHA256Digest;
*/
public class MainnetTransactionValidator implements TransactionValidator {
public static final BigInteger TWO_POW_256 = BigInteger.TWO.pow(256);
private final GasCalculator gasCalculator;
private final GasLimitCalculator gasLimitCalculator;
private final FeeMarket feeMarket;
@@ -163,6 +165,12 @@ public class MainnetTransactionValidator implements TransactionValidator {
.map(
codeDelegations -> {
for (CodeDelegation codeDelegation : codeDelegations) {
if (codeDelegation.chainId().compareTo(TWO_POW_256) >= 0) {
throw new IllegalArgumentException(
"Invalid 'chainId' value, should be < 2^256 but got "
+ codeDelegation.chainId());
}
if (codeDelegation.signature().getS().compareTo(halfCurveOrder) > 0) {
return ValidationResult.invalid(
TransactionInvalidReason.INVALID_SIGNATURE,

12
ethereum/core/src/test/java/org/hyperledger/besu/ethereum/core/encoding/CodeDelegationDecoderTest.java
View File

@@ -99,4 +99,16 @@ class CodeDelegationDecoderTest {
assertThat(signature.getS().toString(16))
.isEqualTo("3c8a25b2becd6e666f69803d1ae3322f2e137b7745c2c7f19da80f993ffde4df");
}
@Test
void shouldDecodeInnerPayloadWhenSignatureIsZero() {
final BytesValueRLPInput input =
new BytesValueRLPInput(
Bytes.fromHexString(
"0xdf8501a1f0ff5a947a40026a3b9a41754a95eec8c92c6b99886f440c5b808080"),
true);
final CodeDelegation authorization = CodeDelegationTransactionDecoder.decodeInnerPayload(input);
assertThat(authorization.chainId()).isEqualTo(new BigInteger("01a1f0ff5a", 16));
}
}