From 87f63f5b838702ec10e15a035094abc8b6860921 Mon Sep 17 00:00:00 2001 From: cce <51567+cce@users.noreply.github.com> Date: Thu, 18 Aug 2022 16:40:49 -0400 Subject: [PATCH 1/2] lint: fix linter errors and update CI to require passing (#4241) --- merklesignature/const.go | 3 ++- stateproof/coinGenerator.go | 7 ++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/merklesignature/const.go b/merklesignature/const.go index c98321b514..767f14aaef 100644 --- a/merklesignature/const.go +++ b/merklesignature/const.go @@ -18,6 +18,7 @@ package merklesignature import ( "fmt" + "github.com/algorand/go-algorand/crypto" ) @@ -40,7 +41,7 @@ const ( var NoKeysCommitment = Commitment{} func init() { - // no keys generated, inner tree of merkle siganture scheme is empty. + // no keys generated, inner tree of merkle signature scheme is empty. o, err := New(KeyLifetimeDefault+1, KeyLifetimeDefault+2, KeyLifetimeDefault) if err != nil { panic(fmt.Errorf("initializing empty merkle signature scheme failed, err: %w", err)) diff --git a/stateproof/coinGenerator.go b/stateproof/coinGenerator.go index 320232fbaa..fa88c57706 100644 --- a/stateproof/coinGenerator.go +++ b/stateproof/coinGenerator.go @@ -18,9 +18,10 @@ package stateproof import ( "encoding/binary" - "golang.org/x/crypto/sha3" "math/big" + "golang.org/x/crypto/sha3" + "github.com/algorand/go-algorand/crypto" "github.com/algorand/go-algorand/protocol" ) @@ -75,7 +76,7 @@ func makeCoinGenerator(choice *coinChoiceSeed) coinGenerator { choice.version = VersionForCoinGenerator rep := crypto.HashRep(choice) shk := sha3.NewShake256() - shk.Write(rep) + shk.Write(rep) //nolint:errcheck // ShakeHash.Write may panic, but does not return error threshold := prepareRejectionSamplingThreshold(choice.signedWeight) return coinGenerator{shkContext: shk, signedWeight: choice.signedWeight, threshold: threshold} @@ -111,7 +112,7 @@ func (cg *coinGenerator) getNextCoin() uint64 { var randNumFromXof uint64 for { var shakeDigest [8]byte - cg.shkContext.Read(shakeDigest[:]) + cg.shkContext.Read(shakeDigest[:]) //nolint:errcheck // ShakeHash.Read never returns error randNumFromXof = binary.LittleEndian.Uint64(shakeDigest[:]) z := &big.Int{} From d46f46adf0b88a962328c33ef18ba8b091bca0de Mon Sep 17 00:00:00 2001 From: Shant Karakashian <55754073+algonautshant@users.noreply.github.com> Date: Fri, 30 Sep 2022 03:57:49 -0400 Subject: [PATCH 2/2] BatchVerifier: rename and unexport local functions in verify/txn (#4578) --- batchverifier.go | 11 +++++----- batchverifier_test.go | 4 ++-- multisig.go | 49 ++++++++++++++--------------------------- multisig_test.go | 51 +++++++++++++++---------------------------- 4 files changed, 40 insertions(+), 75 deletions(-) diff --git a/batchverifier.go b/batchverifier.go index cce8e06d7e..db8ffe6426 100644 --- a/batchverifier.go +++ b/batchverifier.go @@ -53,7 +53,6 @@ const minBatchVerifierAlloc = 16 // Batch verifications errors var ( ErrBatchVerificationFailed = errors.New("At least one signature didn't pass verification") - ErrZeroTransactionInBatch = errors.New("Could not validate empty signature set") ) //export ed25519_randombytes_unsafe @@ -104,19 +103,19 @@ func (b *BatchVerifier) expand() { b.signatures = signatures } -// GetNumberOfEnqueuedSignatures returns the number of signatures current enqueue onto the bacth verifier object -func (b *BatchVerifier) GetNumberOfEnqueuedSignatures() int { +// getNumberOfEnqueuedSignatures returns the number of signatures current enqueue onto the bacth verifier object +func (b *BatchVerifier) getNumberOfEnqueuedSignatures() int { return len(b.messages) } // Verify verifies that all the signatures are valid. in that case nil is returned // if the batch is zero an appropriate error is return. func (b *BatchVerifier) Verify() error { - if b.GetNumberOfEnqueuedSignatures() == 0 { - return ErrZeroTransactionInBatch + if b.getNumberOfEnqueuedSignatures() == 0 { + return nil } - var messages = make([][]byte, b.GetNumberOfEnqueuedSignatures()) + var messages = make([][]byte, b.getNumberOfEnqueuedSignatures()) for i, m := range b.messages { messages[i] = HashRep(m) } diff --git a/batchverifier_test.go b/batchverifier_test.go index 781a80e174..4469da400b 100644 --- a/batchverifier_test.go +++ b/batchverifier_test.go @@ -62,7 +62,7 @@ func TestBatchVerifierBulk(t *testing.T) { sig := sigSecrets.Sign(msg) bv.EnqueueSignature(sigSecrets.SignatureVerifier, msg, sig) } - require.Equal(t, n, bv.GetNumberOfEnqueuedSignatures()) + require.Equal(t, n, bv.getNumberOfEnqueuedSignatures()) require.NoError(t, bv.Verify()) } @@ -122,5 +122,5 @@ func BenchmarkBatchVerifier(b *testing.B) { func TestEmpty(t *testing.T) { partitiontest.PartitionTest(t) bv := MakeBatchVerifier() - require.Error(t, bv.Verify()) + require.NoError(t, bv.Verify()) } diff --git a/multisig.go b/multisig.go index 53386ebc97..62ec187a2b 100644 --- a/multisig.go +++ b/multisig.go @@ -216,33 +216,23 @@ func MultisigAssemble(unisig []MultisigSig) (msig MultisigSig, err error) { } // MultisigVerify verifies an assembled MultisigSig -func MultisigVerify(msg Hashable, addr Digest, sig MultisigSig) (verified bool, err error) { +func MultisigVerify(msg Hashable, addr Digest, sig MultisigSig) (err error) { batchVerifier := MakeBatchVerifier() - if verified, err = MultisigBatchVerify(msg, addr, sig, batchVerifier); err != nil { + if err = MultisigBatchPrep(msg, addr, sig, batchVerifier); err != nil { return } - if !verified { - return - } - if batchVerifier.GetNumberOfEnqueuedSignatures() == 0 { - return true, nil - } - if err = batchVerifier.Verify(); err != nil { - return false, err - } - return true, nil + err = batchVerifier.Verify() + return } -// MultisigBatchVerify verifies an assembled MultisigSig. -// it is the caller responsibility to call batchVerifier.verify() -func MultisigBatchVerify(msg Hashable, addr Digest, sig MultisigSig, batchVerifier *BatchVerifier) (verified bool, err error) { - verified = false +// MultisigBatchPrep performs checks on the assembled MultisigSig and adds to the batch. +// The caller must call batchVerifier.verify() to verify it. +func MultisigBatchPrep(msg Hashable, addr Digest, sig MultisigSig, batchVerifier *BatchVerifier) (err error) { // short circuit: if msig doesn't have subsigs or if Subsigs are empty // then terminate (the upper layer should now verify the unisig) if (len(sig.Subsigs) == 0 || sig.Subsigs[0] == MultisigSubsig{}) { - err = errInvalidNumberOfSignature - return + return errInvalidNumberOfSignature } // check the address is correct @@ -251,20 +241,17 @@ func MultisigBatchVerify(msg Hashable, addr Digest, sig MultisigSig, batchVerifi return } if addr != addrnew { - err = errInvalidAddress - return + return errInvalidAddress } // check that we don't have too many multisig subsigs if len(sig.Subsigs) > maxMultisig { - err = errInvalidNumberOfSignature - return + return errInvalidNumberOfSignature } // check that we don't have too few multisig subsigs if len(sig.Subsigs) < int(sig.Threshold) { - err = errInvalidNumberOfSignature - return + return errInvalidNumberOfSignature } // checks the number of non-blank signatures is no less than threshold @@ -275,27 +262,23 @@ func MultisigBatchVerify(msg Hashable, addr Digest, sig MultisigSig, batchVerifi } } if counter < sig.Threshold { - err = errInvalidNumberOfSignature - return + return errInvalidNumberOfSignature } // checks individual signature verifies - var verifiedCount int + var sigCount int for _, subsigi := range sig.Subsigs { if (subsigi.Sig != Signature{}) { batchVerifier.EnqueueSignature(subsigi.Key, msg, subsigi.Sig) - verifiedCount++ + sigCount++ } } // sanity check. if we get here then every non-blank subsig should have // been verified successfully, and we should have had enough of them - if verifiedCount < int(sig.Threshold) { - err = errInvalidNumberOfSignature - return + if sigCount < int(sig.Threshold) { + return errInvalidNumberOfSignature } - - verified = true return } diff --git a/multisig_test.go b/multisig_test.go index 28eec24598..5035300d21 100644 --- a/multisig_test.go +++ b/multisig_test.go @@ -136,15 +136,13 @@ func TestMultisig(t *testing.T) { require.NoError(t, err, "Multisig: unexpected failure in generating sig from pk 2") msig, err = MultisigAssemble(sigs) require.NoError(t, err, "Multisig: unexpected failure when assembling multisig") - verify, err := MultisigVerify(txid, addr, msig) + err = MultisigVerify(txid, addr, msig) require.NoError(t, err, "Multisig: unexpected verification failure with err") - require.True(t, verify, "Multisig: verification failed, verify flag was false") //test3: use the batch verification br := MakeBatchVerifier() - verify, err = MultisigBatchVerify(txid, addr, msig, br) + err = MultisigBatchPrep(txid, addr, msig, br) require.NoError(t, err, "Multisig: unexpected verification failure with err") - require.True(t, verify, "Multisig: verification failed, verify flag was false") res := br.Verify() require.NoError(t, res, "Multisig: batch verification failed") } @@ -200,8 +198,7 @@ func TestMultisigAddAndMerge(t *testing.T) { require.NoError(t, err, "Multisig: unexpected failure signing with pk 2") err = MultisigAdd(sigs, &msig1) require.NoError(t, err, "Multisig: unexpected err adding pk 2 signature to that of pk 0 and 1") - verify, err := MultisigVerify(txid, addr, msig1) - require.True(t, verify, "Multisig: verification failed, verify flag was false") + err = MultisigVerify(txid, addr, msig1) require.NoError(t, err, "Multisig: unexpected verification failure with err") // msig2 = {sig3, sig4} @@ -215,9 +212,8 @@ func TestMultisigAddAndMerge(t *testing.T) { // merge two msigs and then verify msigt, err := MultisigMerge(msig1, msig2) require.NoError(t, err, "Multisig: unexpected failure merging multisig messages {0, 1, 2} and {3, 4}") - verify, err = MultisigVerify(txid, addr, msigt) + err = MultisigVerify(txid, addr, msigt) require.NoError(t, err, "Multisig: unexpected verification failure with err") - require.True(t, verify, "Multisig: verification failed, verify flag was false") // create a valid duplicate on purpose // msig1 = {sig0, sig1, sig2} @@ -230,9 +226,8 @@ func TestMultisigAddAndMerge(t *testing.T) { require.NoError(t, err, "Multisig: unexpected failure adding pk 2 signature to that of pk 3 and 4") msigt, err = MultisigMerge(msig1, msig2) require.NoError(t, err, "Multisig: unexpected failure merging multisig messages {0, 1, 2} and {2, 3, 4}") - verify, err = MultisigVerify(txid, addr, msigt) + err = MultisigVerify(txid, addr, msigt) require.NoError(t, err, "Multisig: unexpected verification failure with err") - require.True(t, verify, "Multisig: verification failed, verify flag was false") return } @@ -254,12 +249,10 @@ func TestEmptyMultisig(t *testing.T) { addr, err := MultisigAddrGen(version, threshold, pks) require.NoError(t, err, "Multisig: unexpected failure generating message digest") emptyMutliSig := MultisigSig{Version: version, Threshold: threshold, Subsigs: make([]MultisigSubsig, 0)} - verify, err := MultisigVerify(txid, addr, emptyMutliSig) - require.False(t, verify, "Multisig: verification succeeded, it should failed") + err = MultisigVerify(txid, addr, emptyMutliSig) require.Error(t, err, "Multisig: did not return error as expected") br := MakeBatchVerifier() - verify, err = MultisigBatchVerify(txid, addr, emptyMutliSig, br) - require.False(t, verify, "Multisig: verification succeeded, it should failed") + err = MultisigBatchPrep(txid, addr, emptyMutliSig, br) require.Error(t, err, "Multisig: did not return error as expected") } @@ -282,12 +275,10 @@ func TestIncorrectAddrresInMultisig(t *testing.T) { MutliSig, err := MultisigSign(txid, addr, version, threshold, pks, *secrets) require.NoError(t, err, "Multisig: could not create mutlisig") addr[0] = addr[0] + 1 - verify, err := MultisigVerify(txid, addr, MutliSig) - require.False(t, verify, "Multisig: verification succeeded, it should failed") + err = MultisigVerify(txid, addr, MutliSig) require.Error(t, err, "Multisig: did not return error as expected") br := MakeBatchVerifier() - verify, err = MultisigBatchVerify(txid, addr, MutliSig, br) - require.False(t, verify, "Multisig: verification succeeded, it should failed") + err = MultisigBatchPrep(txid, addr, MutliSig, br) require.Error(t, err, "Multisig: did not return error as expected") } @@ -321,12 +312,10 @@ func TestMoreThanMaxSigsInMultisig(t *testing.T) { msig, err := MultisigAssemble(sigs) require.NoError(t, err, "Multisig: error assmeble multisig") - verify, err := MultisigVerify(txid, addr, msig) - require.False(t, verify, "Multisig: verification succeeded, it should failed") + err = MultisigVerify(txid, addr, msig) require.Error(t, err, "Multisig: did not return error as expected") br := MakeBatchVerifier() - verify, err = MultisigBatchVerify(txid, addr, msig, br) - require.False(t, verify, "Multisig: verification succeeded, it should failed") + err = MultisigBatchPrep(txid, addr, msig, br) require.Error(t, err, "Multisig: did not return error as expected") } @@ -360,12 +349,10 @@ func TestOneSignatureIsEmpty(t *testing.T) { msig, err := MultisigAssemble(sigs) require.NoError(t, err, "Multisig: error assmeble multisig") msig.Subsigs[0].Sig = Signature{} - verify, err := MultisigVerify(txid, addr, msig) - require.False(t, verify, "Multisig: verification succeeded, it should failed") + err = MultisigVerify(txid, addr, msig) require.Error(t, err, "Multisig: did not return error as expected") br := MakeBatchVerifier() - verify, err = MultisigBatchVerify(txid, addr, msig, br) - require.False(t, verify, "Multisig: verification succeeded, it should failed") + err = MultisigBatchPrep(txid, addr, msig, br) require.Error(t, err, "Multisig: did not return error as expected") } @@ -401,13 +388,11 @@ func TestOneSignatureIsInvalid(t *testing.T) { sigs[1].Subsigs[1].Sig[5] = sigs[1].Subsigs[1].Sig[5] + 1 msig, err := MultisigAssemble(sigs) require.NoError(t, err, "Multisig: error assmeble multisig") - verify, err := MultisigVerify(txid, addr, msig) - require.False(t, verify, "Multisig: verification succeeded, it should failed") + err = MultisigVerify(txid, addr, msig) require.Error(t, err, "Multisig: did not return error as expected") br := MakeBatchVerifier() - verify, err = MultisigBatchVerify(txid, addr, msig, br) + err = MultisigBatchPrep(txid, addr, msig, br) require.NoError(t, err, "Multisig: did not return error as expected") - require.True(t, verify, "Multisig: verification succeeded, it should failed") res := br.Verify() require.Error(t, res, "Multisig: batch verification passed on broken signature") @@ -455,15 +440,13 @@ func TestMultisigLessThanTrashold(t *testing.T) { msig, err = MultisigAssemble(sigs) require.NoError(t, err, "should be able to detect insufficient signatures for assembling") msig.Subsigs[1].Sig = BlankSignature - verify, err := MultisigVerify(txid, addr, msig) - require.False(t, verify, "Multisig: verification passed, should have failed") + err = MultisigVerify(txid, addr, msig) require.Error(t, err, "Multisig: expected verification failure with err") msig, err = MultisigAssemble(sigs) require.NoError(t, err, "should be able to detect insufficient signatures for assembling") msig.Subsigs = msig.Subsigs[:len(msig.Subsigs)-1] - verify, err = MultisigVerify(txid, addr, msig) - require.False(t, verify, "Multisig: verification passed, should have failed") + err = MultisigVerify(txid, addr, msig) require.Error(t, err, "Multisig: expected verification failure with err") }