From adea224edff758c9a6f347a556881b63e08b2d21 Mon Sep 17 00:00:00 2001 From: pavelkrolevets Date: Thu, 5 Sep 2024 13:26:46 +0300 Subject: [PATCH 1/4] fix share encryption --- operator.go | 2 +- result.go | 5 ++--- types.go | 2 +- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/operator.go b/operator.go index 67bd3dd..fab8d5d 100644 --- a/operator.go +++ b/operator.go @@ -38,7 +38,7 @@ func (op *Operator) Init( depositDataSig := share.SignByte(depositDataRoot[:]) // sign proof - encryptedShare, err := crypto.Encrypt(&sk.PublicKey, share.Serialize()) + encryptedShare, err := crypto.Encrypt(&sk.PublicKey, []byte(share.SerializeToHexStr())) if err != nil { return nil, err } diff --git a/result.go b/result.go index aca7f99..b6dca0b 100644 --- a/result.go +++ b/result.go @@ -5,12 +5,11 @@ import ( "crypto/rsa" "fmt" - "github.com/ssvlabs/dkg-spec/crypto" - "github.com/attestantio/go-eth2-client/spec/phase0" "github.com/ethereum/go-ethereum/common" eth_crypto "github.com/ethereum/go-ethereum/crypto" "github.com/herumi/bls-eth-go-binary/bls" + "github.com/ssvlabs/dkg-spec/crypto" ) func BuildResult( @@ -37,7 +36,7 @@ func BuildResult( depositDataSig := share.SignByte(depositDataRoot[:]) // sign proof - encryptedShare, err := crypto.Encrypt(&sk.PublicKey, share.Serialize()) + encryptedShare, err := crypto.Encrypt(&sk.PublicKey, []byte(share.SerializeToHexStr())) if err != nil { return nil, err } diff --git a/types.go b/types.go index 8676a13..072e621 100644 --- a/types.go +++ b/types.go @@ -43,7 +43,7 @@ type Reshare struct { type SignedReshare struct { Reshare Reshare - // Signature is an ECDSA signature over proof + // Signature is an ECDSA signature over reshare hash Signature []byte `ssz-max:"1536"` // 64 * 24 } From c99a8b1abb64044ec548ac85b581c49ef5d3b57a Mon Sep 17 00:00:00 2001 
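Review bot: The plaintext inside `EncryptedShare` changes here from the raw serialized share to its ASCII hex string, but the new line carries no comment saying so; the only comment above it reads `// sign proof`. Anything that decrypts a share must now hex-decode before deserializing, and ciphertexts produced by the previous code would presumably no longer parse under that expectation, so the format should be stated next to the call, e.g. `// encrypt the hex-encoded share (SerializeToHexStr), not the raw bytes; the decrypting side must hex-decode`. The same applies to the identical line in `BuildResult` in result.go and to both copies of the change in PATCH 2/4. The hex form also passes through an immutable Go string that cannot be wiped; if key hygiene matters here, hex-encoding into a byte slice that is cleared after `crypto.Encrypt` avoids that extra copy of the secret. Both function bodies start and end outside their hunks.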
From: pavelkrolevets Date: Thu, 5 Sep 2024 13:26:46 +0300 Subject: [PATCH 2/4] fix share encryption --- operator.go | 2 +- result.go | 5 ++--- types.go | 2 +- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/operator.go b/operator.go index 23f15b1..408cd19 100644 --- a/operator.go +++ b/operator.go @@ -39,7 +39,7 @@ func OperatorInit( depositDataSig := share.SignByte(depositDataRoot[:]) // sign proof - encryptedShare, err := crypto.Encrypt(&sk.PublicKey, share.Serialize()) + encryptedShare, err := crypto.Encrypt(&sk.PublicKey, []byte(share.SerializeToHexStr())) if err != nil { return nil, err } diff --git a/result.go b/result.go index 0439b21..8eaa2e8 100644 --- a/result.go +++ b/result.go @@ -5,12 +5,11 @@ import ( "crypto/rsa" "fmt" - "github.com/ssvlabs/dkg-spec/crypto" - "github.com/attestantio/go-eth2-client/spec/phase0" "github.com/ethereum/go-ethereum/common" eth_crypto "github.com/ethereum/go-ethereum/crypto" "github.com/herumi/bls-eth-go-binary/bls" + "github.com/ssvlabs/dkg-spec/crypto" ) func BuildResult( @@ -37,7 +36,7 @@ func BuildResult( depositDataSig := share.SignByte(depositDataRoot[:]) // sign proof - encryptedShare, err := crypto.Encrypt(&sk.PublicKey, share.Serialize()) + encryptedShare, err := crypto.Encrypt(&sk.PublicKey, []byte(share.SerializeToHexStr())) if err != nil { return nil, err } diff --git a/types.go b/types.go index 8676a13..072e621 100644 --- a/types.go +++ b/types.go @@ -43,7 +43,7 @@ type Reshare struct { type SignedReshare struct { Reshare Reshare - // Signature is an ECDSA signature over proof + // Signature is an ECDSA signature over reshare hash Signature []byte `ssz-max:"1536"` // 64 * 24 } From 1cae80855ea3888fe37772d4dc4b0bf2bbcb52a3 Mon Sep 17 00:00:00 2001 From: Matus Kysel Date: Thu, 5 Sep 2024 21:33:31 +0200 Subject: [PATCH 3/4] extend test to check encrypted share --- crypto/rsa.go | 4 ++++ testing/result_test.go | 5 ++++- 2 files changed, 8 insertions(+), 1 deletion(-) 
diff --git a/crypto/rsa.go b/crypto/rsa.go index bccd32a..48572ea 100644 --- a/crypto/rsa.go +++ b/crypto/rsa.go @@ -77,3 +77,7 @@ func EncodeRSAPublicKey(pk *rsa.PublicKey) ([]byte, error) { func Encrypt(pub *rsa.PublicKey, msg []byte) ([]byte, error) { return rsa.EncryptPKCS1v15(rand.Reader, pub, msg) } + +func Decrypt(pk *rsa.PrivateKey, msg []byte) ([]byte, error) { + return rsa.DecryptPKCS1v15(rand.Reader, pk, msg) +} diff --git a/testing/result_test.go b/testing/result_test.go index 1bc7d49..f7fc190 100644 --- a/testing/result_test.go +++ b/testing/result_test.go @@ -5,6 +5,7 @@ import ( "github.com/ethereum/go-ethereum/common" spec "github.com/ssvlabs/dkg-spec" + spec_crypto "github.com/ssvlabs/dkg-spec/crypto" "github.com/ssvlabs/dkg-spec/testing/fixtures" "github.com/stretchr/testify/require" @@ -34,8 +35,10 @@ func TestBuildResult(t *testing.T) { fixtures.TestNonce, result, )) + decryptedShare, err := spec_crypto.Decrypt(fixtures.OperatorSK(fixtures.TestOperator1SK), result.SignedProof.Proof.EncryptedShare) + require.NoError(t, err) + require.EqualValues(t, []byte(fixtures.ShareSK(fixtures.TestValidator4OperatorsShare1).SerializeToHexStr()), decryptedShare) }) - } func TestValidateResults(t *testing.T) { From 530d6d5727a7642c2340f45fdca0d2971b365071 Mon Sep 17 00:00:00 2001 From: Matus Kysel Date: Thu, 5 Sep 2024 21:34:04 +0200 Subject: [PATCH 4/4] make error msg more generic --- crypto/signature.go | 2 +- crypto/signature_test.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/signature.go b/crypto/signature.go index 758efd3..9a45d69 100644 --- a/crypto/signature.go +++ b/crypto/signature.go @@ -39,7 +39,7 @@ func VerifySignedMessageByOwner( address := eth_crypto.PubkeyToAddress(*pk) if common.Address(owner).Cmp(address) != 0 { - return fmt.Errorf("invalid signed reshare signature") + return fmt.Errorf("signature invalid") } } else { // EIP 1271 signature 
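Review bot: The new exported `Decrypt` in crypto/rsa.go has no doc comment, and for PKCS#1 v1.5 the contract matters: whether `rsa.DecryptPKCS1v15` returns an error reveals padding validity, so a caller must not let the party that supplied the ciphertext observe success versus failure. In this series it is only called from the test, so this is a hazard for future callers rather than a present bug. I would add `// Decrypt reverses Encrypt (RSA PKCS#1 v1.5). Do not expose its error to whoever supplied the ciphertext.` and name the second parameter `ciphertext` rather than `msg`. The `rand.Reader` argument is ignored by current Go releases, so passing `nil` would work too, though keeping it is harmless.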
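Review bot: The added assertion in `TestBuildResult` pins the hex plaintext only for the `BuildResult` path; the same encoding change in operator.go (`Init` / `OperatorInit`) is not exercised by anything visible in this series. If no existing test decrypts the share produced by that path, an equivalent `spec_crypto.Decrypt` plus `require.EqualValues` check there would keep the two producers from drifting apart. The test body starts and ends outside the hunk, so other coverage may exist that I cannot see.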
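Review bot: `fmt.Errorf("signature invalid")` in crypto/signature.go has no format verbs, and the companion test in crypto/signature_test.go matches it by exact string with `require.EqualError`, so the test has to change whenever the wording does, as it did in this commit. A package-level sentinel such as `var ErrInvalidSignature = errors.New("signature invalid")`, returned here, would let callers and tests use `errors.Is` / `require.ErrorIs` instead. `VerifySignedMessageByOwner` continues outside the hunk, so I cannot tell whether the EIP-1271 branch reports failure with the same text.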
diff --git a/crypto/signature_test.go b/crypto/signature_test.go index baca765..bdd9736 100644 --- a/crypto/signature_test.go +++ b/crypto/signature_test.go @@ -78,7 +78,7 @@ func TestVerifySignedReshare(t *testing.T) { require.EqualError(t, VerifySignedMessageByOwner(stubClient, [20]byte{}, plain, - sig), "invalid signed reshare signature") + sig), "signature invalid") }) t.Run("valid contract signature", func(t *testing.T) {