Merge pull request #6665 from multiversx/fixes-header-sig-verification

Fixes header sig verification

Author: ssd04

cmd/node/factory/interface.go

@@ -5,6 +5,7 @@ import (
 
 	"github.com/multiversx/mx-chain-core-go/core"
 	"github.com/multiversx/mx-chain-core-go/data"
+
 	"github.com/multiversx/mx-chain-go/p2p"
 )
 
@@ -15,7 +16,6 @@ type HeaderSigVerifierHandler interface {
 	VerifyRandSeedAndLeaderSignature(header data.HeaderHandler) error
 	VerifySignature(header data.HeaderHandler) error
 	VerifySignatureForHash(header data.HeaderHandler, hash []byte, pubkeysBitmap []byte, signature []byte) error
-	VerifyPreviousBlockProof(header data.HeaderHandler) error
 	VerifyHeaderProof(headerProof data.HeaderProofHandler) error
 	IsInterfaceNil() bool
 }

consensus/broadcast/delayedBroadcast.go

@@ -699,9 +699,8 @@ func (dbb *delayedBlockBroadcaster) interceptedHeader(_ string, headerHash []byt
 
 	// TODO: should be handled from interceptor
 	proof := headerHandler.GetPreviousProof()
-
 	var aggSig, bitmap []byte
-	if proof != nil {
+	if !check.IfNilReflect(proof) {
 		aggSig, bitmap = proof.GetAggregatedSignature(), proof.GetPubKeysBitmap()
 	}
 

consensus/interface.go

@@ -127,13 +127,13 @@ type HeaderSigVerifier interface {
 	VerifyLeaderSignature(header data.HeaderHandler) error
 	VerifySignature(header data.HeaderHandler) error
 	VerifySignatureForHash(header data.HeaderHandler, hash []byte, pubkeysBitmap []byte, signature []byte) error
-	VerifyPreviousBlockProof(header data.HeaderHandler) error
 	VerifyHeaderProof(headerProof data.HeaderProofHandler) error
 	IsInterfaceNil() bool
 }
 
 // FallbackHeaderValidator defines the behaviour of a component able to signal when a fallback header validation could be applied
 type FallbackHeaderValidator interface {
+	ShouldApplyFallbackValidationForHeaderWith(shardID uint32, startOfEpochBlock bool, round uint64, prevHeaderHash []byte) bool
 	ShouldApplyFallbackValidation(headerHandler data.HeaderHandler) bool
 	IsInterfaceNil() bool
 }

consensus/spos/bls/v1/subroundBlock.go

@@ -415,9 +415,14 @@ func (sr *subroundBlock) receivedBlockBodyAndHeader(ctx context.Context, cnsDta
 		return false
 	}
 
+	header := sr.BlockProcessor().DecodeBlockHeader(cnsDta.Header)
+	if headerHasProof(header) {
+		return false
+	}
+
 	sr.SetData(cnsDta.BlockHeaderHash)
 	sr.SetBody(sr.BlockProcessor().DecodeBlockBody(cnsDta.Body))
-	sr.SetHeader(sr.BlockProcessor().DecodeBlockHeader(cnsDta.Header))
+	sr.SetHeader(header)
 
 	isInvalidData := check.IfNil(sr.GetBody()) || sr.isInvalidHeaderOrData()
 	if isInvalidData {
@@ -514,8 +519,13 @@ func (sr *subroundBlock) receivedBlockHeader(ctx context.Context, cnsDta *consen
 		return false
 	}
 
+	header := sr.BlockProcessor().DecodeBlockHeader(cnsDta.Header)
+	if headerHasProof(header) {
+		return false
+	}
+
 	sr.SetData(cnsDta.BlockHeaderHash)
-	sr.SetHeader(sr.BlockProcessor().DecodeBlockHeader(cnsDta.Header))
+	sr.SetHeader(header)
 
 	if sr.isInvalidHeaderOrData() {
 		return false
@@ -535,6 +545,13 @@ func (sr *subroundBlock) receivedBlockHeader(ctx context.Context, cnsDta *consen
 	return blockProcessedWithSuccess
 }
 
+func headerHasProof(headerHandler data.HeaderHandler) bool {
+	if check.IfNil(headerHandler) {
+		return false
+	}
+	return !check.IfNilReflect(headerHandler.GetPreviousProof())
+}
+
 func (sr *subroundBlock) processReceivedBlock(ctx context.Context, cnsDta *consensus.Message) bool {
 	if check.IfNil(sr.GetBody()) {
 		return false

consensus/spos/bls/v2/subroundBlock.go

@@ -9,6 +9,7 @@ import (
 	"github.com/multiversx/mx-chain-core-go/core"
 	"github.com/multiversx/mx-chain-core-go/core/check"
 	"github.com/multiversx/mx-chain-core-go/data"
+
 	"github.com/multiversx/mx-chain-go/common"
 	"github.com/multiversx/mx-chain-go/consensus"
 	"github.com/multiversx/mx-chain-go/consensus/spos"
@@ -110,7 +111,6 @@ func (sr *subroundBlock) doBlockJob(ctx context.Context) bool {
 		return false
 	}
 
-	// todo: check again the block proof verification & leader signature verification
 	// block proof verification should be done over the header that contains the leader signature
 	leaderSignature, err := sr.signBlockHeader(header)
 	if err != nil {
@@ -177,7 +177,7 @@ func printLogMessage(ctx context.Context, baseMessage string, err error) {
 	log.Debug(baseMessage, "error", err.Error())
 }
 
-func (sr *subroundBlock) sendBlock(header data.HeaderHandler, body data.BodyHandler, leader string) bool {
+func (sr *subroundBlock) sendBlock(header data.HeaderHandler, body data.BodyHandler, _ string) bool {
 	marshalledBody, err := sr.Marshalizer().Marshal(body)
 	if err != nil {
 		log.Debug("sendBlock.Marshal: body", "error", err.Error())

consensus/spos/errors.go

@@ -253,9 +253,6 @@ var ErrEquivalentMessageAlreadyReceived = errors.New("equivalent message already
 // ErrNilEnableEpochsHandler signals that a nil enable epochs handler has been provided
 var ErrNilEnableEpochsHandler = errors.New("nil enable epochs handler")
 
-// ErrMissingProposerSignature signals that proposer signature is missing
-var ErrMissingProposerSignature = errors.New("missing proposer signature")
-
 // ErrNilThrottler signals that a nil throttler has been provided
 var ErrNilThrottler = errors.New("nil throttler")
 
@@ -267,3 +264,9 @@ var ErrNilEquivalentProofPool = errors.New("nil equivalent proof pool")
 
 // ErrNilHeaderProof signals that a nil header proof has been provided
 var ErrNilHeaderProof = errors.New("nil header proof")
+
+// ErrHeaderProofNotExpected signals that a header proof was not expected
+var ErrHeaderProofNotExpected = errors.New("header proof not expected")
+
+// ErrConsensusMessageNotExpected signals that a consensus message was not expected
+var ErrConsensusMessageNotExpected = errors.New("consensus message not expected")

consensus/spos/interface.go

@@ -138,7 +138,7 @@ type HeaderSigVerifier interface {
 	VerifyLeaderSignature(header data.HeaderHandler) error
 	VerifySignature(header data.HeaderHandler) error
 	VerifySignatureForHash(header data.HeaderHandler, hash []byte, pubkeysBitmap []byte, signature []byte) error
-	VerifyPreviousBlockProof(header data.HeaderHandler) error
+	VerifyHeaderWithProof(header data.HeaderHandler) error
 	VerifyHeaderProof(headerProof data.HeaderProofHandler) error
 	IsInterfaceNil() bool
 }

consensus/spos/worker.go

@@ -525,10 +525,9 @@ func (wrk *Worker) doJobOnMessageWithHeader(cnsMsg *consensus.Message) error {
 			err)
 	}
 
-	err = wrk.headerSigVerifier.VerifyPreviousBlockProof(header)
+	err = wrk.checkHeaderPreviousProof(header)
 	if err != nil {
-		return fmt.Errorf("%w : verify previous block proof for received header from consensus topic failed",
-			err)
+		return err
 	}
 
 	wrk.processReceivedHeaderMetric(cnsMsg)
@@ -544,6 +543,18 @@ func (wrk *Worker) doJobOnMessageWithHeader(cnsMsg *consensus.Message) error {
 	return nil
 }
 
+func (wrk *Worker) checkHeaderPreviousProof(header data.HeaderHandler) error {
+	if wrk.enableEpochsHandler.IsFlagEnabledInEpoch(common.EquivalentMessagesFlag, header.GetEpoch()) {
+		return fmt.Errorf("%w : received header on consensus topic after equivalent messages activation", ErrConsensusMessageNotExpected)
+	}
+
+	if !check.IfNilReflect(header.GetPreviousProof()) {
+		return fmt.Errorf("%w : received header from consensus topic has previous proof", ErrHeaderProofNotExpected)
+	}
+
+	return nil
+}
+
 func (wrk *Worker) verifyHeaderHash(hash []byte, marshalledHeader []byte) bool {
 	computedHash := wrk.hasher.Compute(string(marshalledHeader))
 	return bytes.Equal(hash, computedHash)

dataRetriever/dataPool/proofsCache/proofsPool.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"sync"
 
+	"github.com/multiversx/mx-chain-core-go/core/check"
 	"github.com/multiversx/mx-chain-core-go/data"
 	logger "github.com/multiversx/mx-chain-logger-go"
 )
@@ -26,7 +27,7 @@ func NewProofsPool() *proofsPool {
 func (pp *proofsPool) AddProof(
 	headerProof data.HeaderProofHandler,
 ) error {
-	if headerProof == nil {
+	if check.IfNilReflect(headerProof) {
 		return ErrNilProof
 	}
 

epochStart/bootstrap/disabled/disabledHeaderSigVerifier.go

@@ -2,6 +2,7 @@ package disabled
 
 import (
 	"github.com/multiversx/mx-chain-core-go/data"
+
 	"github.com/multiversx/mx-chain-go/process"
 )
 
@@ -40,8 +41,8 @@ func (h *headerSigVerifier) VerifySignatureForHash(_ data.HeaderHandler, _ []byt
 	return nil
 }
 
-// VerifyPreviousBlockProof returns nil as it is disabled
-func (h *headerSigVerifier) VerifyPreviousBlockProof(_ data.HeaderHandler) error {
+// VerifyHeaderWithProof returns nil as it is disabled
+func (h *headerSigVerifier) VerifyHeaderWithProof(_ data.HeaderHandler) error {
 	return nil
 }