Alpha: use watermark for signing blocks and operations

2018-05-22 16:42:34 +02:00 · 2018-05-22 16:42:34 +02:00 · f0fc9ac37c
commit f0fc9ac37c
parent 5e17430815
7 changed files with 50 additions and 35 deletions
--- a/src/proto_alpha/lib_baking/client_baking_endorsement.ml
+++ b/src/proto_alpha/lib_baking/client_baking_endorsement.ml
@ -102,7 +102,8 @@ let inject_endorsement (cctxt : #Proto_alpha.full)
    ~level:level
    ~slots
    () >>=? fun bytes ->
-  Client_keys.append cctxt src_sk bytes >>=? fun signed_bytes ->
+  Client_keys.append
+    cctxt src_sk ~watermark:Endorsement bytes >>=? fun signed_bytes ->
  Shell_services.inject_operation
    cctxt ?async ~chain_id:bi.chain_id signed_bytes >>=? fun oph ->
  iter_s
--- a/src/proto_alpha/lib_baking/client_baking_forge.ml
+++ b/src/proto_alpha/lib_baking/client_baking_forge.ml
@ -30,10 +30,9 @@ let forge_block_header
    let protocol_data : Block_header.protocol_data =
      { priority ; seed_nonce_hash ; proof_of_work_nonce } in
    if Baking.check_header_proof_of_work_stamp shell protocol_data stamp_threshold then
-      let unsigned_header =
-        Alpha_context.Block_header.forge_unsigned shell protocol_data in
-      Client_keys.append cctxt delegate_sk unsigned_header >>=? fun signed_header ->
-      return signed_header
+      let unsigned_header = Block_header.forge_unsigned shell protocol_data in
+      Client_keys.append cctxt
+        delegate_sk ~watermark:Block_header unsigned_header
    else
      loop () in
  loop ()
--- a/src/proto_alpha/lib_baking/test/proto_alpha_helpers.ml
+++ b/src/proto_alpha/lib_baking/test/proto_alpha_helpers.ml
@ -330,7 +330,7 @@ module Protocol = struct
      ~period:next_level.voting_period
      ~proposals
      () >>=? fun bytes ->
-    let signed_bytes = Signature.append sk bytes in
+    let signed_bytes = Signature.append ~watermark:Generic_operation sk bytes in
    return (Tezos_base.Operation.of_bytes_exn signed_bytes)

  let ballot ?(block = `Head 0) ~src:({ pkh; sk } : Account.t) ~proposal ballot =
@ -343,7 +343,7 @@ module Protocol = struct
      ~proposal
      ~ballot
      () >>=? fun bytes ->
-    let signed_bytes = Signature.append sk bytes in
+    let signed_bytes = Signature.append ~watermark:Generic_operation sk bytes in
    return (Tezos_base.Operation.of_bytes_exn signed_bytes)

 end
@ -538,7 +538,7 @@ module Endorse = struct
      ~level:level.level
      ~slots:[slot]
      () >>=? fun bytes ->
-    let signed_bytes = Signature.append src_sk bytes in
+    let signed_bytes = Signature.append ~watermark:Endorsement src_sk bytes in
    return (Tezos_base.Operation.of_bytes_exn signed_bytes)

  let signing_slots
--- a/src/proto_alpha/lib_client/client_proto_context.ml
+++ b/src/proto_alpha/lib_client/client_proto_context.ml
@ -54,7 +54,8 @@ let transfer cctxt
    ~branch ~source ~sourcePubKey:src_pk ~counter ~amount
    ~destination ?parameters ~fee () >>=? fun bytes ->
  Block_services.predecessor cctxt block >>=? fun predecessor ->
-  Client_keys.sign cctxt src_sk bytes >>=? fun signature ->
+  Client_keys.sign
+    cctxt src_sk ~watermark:Generic_operation bytes >>=? fun signature ->
  let signed_bytes = Signature.concat bytes signature in
  let oph = Operation_hash.hash_bytes [ signed_bytes ] in
  Alpha_services.Helpers.apply_operation cctxt block
@ -72,7 +73,8 @@ let reveal cctxt
  Alpha_services.Forge.Manager.reveal
    cctxt block
    ~branch ~source ~sourcePubKey:src_pk ~counter ~fee () >>=? fun bytes ->
-  Client_keys.sign cctxt src_sk bytes >>=? fun signature ->
+  Client_keys.sign
+    cctxt src_sk ~watermark:Generic_operation bytes >>=? fun signature ->
  let signed_bytes = Signature.concat bytes signature in
  let oph = Operation_hash.hash_bytes [ signed_bytes ] in
  Shell_services.inject_operation
@ -120,7 +122,8 @@ let originate_account ?branch
    ~branch ~source ~sourcePubKey:src_pk ~managerPubKey:manager_pkh
    ~counter ~balance ~spendable:true
    ?delegatable ?delegatePubKey:delegate ~fee () >>=? fun bytes ->
-  Client_keys.sign cctxt src_sk bytes >>=? fun signature ->
+  Client_keys.sign
+    cctxt src_sk ~watermark:Generic_operation bytes >>=? fun signature ->
  originate cctxt ~block ~chain_id ~signature bytes

 let delegate_contract cctxt
@ -134,7 +137,8 @@ let delegate_contract cctxt
  Alpha_services.Forge.Manager.delegation cctxt block
    ~branch ~source ?sourcePubKey:src_pk ~counter ~fee delegate_opt
  >>=? fun bytes ->
-  Client_keys.sign cctxt manager_sk bytes >>=? fun signature ->
+  Client_keys.sign
+    cctxt manager_sk ~watermark:Generic_operation bytes >>=? fun signature ->
  let signed_bytes = Signature.concat bytes signature in
  let oph = Operation_hash.hash_bytes [ signed_bytes ] in
  Shell_services.inject_operation
@ -182,8 +186,8 @@ let dictate rpc_config block command seckey =
    rpc_config block >>=? fun { chain_id ; hash = branch } ->
  Alpha_services.Forge.Dictator.operation
    rpc_config block ~branch command >>=? fun bytes ->
-  let signature = Signature.sign seckey bytes in
-  let signed_bytes = Signature.concat bytes signature in
+  let signed_bytes =
+    Signature.append ~watermark:Generic_operation seckey bytes in
  let oph = Operation_hash.hash_bytes [ signed_bytes ] in
  Shell_services.inject_operation
    rpc_config ~chain_id signed_bytes >>=? fun injected_oph ->
@ -236,7 +240,8 @@ let originate_contract
    ~counter ~balance ~spendable:spendable
    ~delegatable ?delegatePubKey:delegate
    ~script:{ code ; storage } ~fee () >>=? fun bytes ->
-  Client_keys.sign cctxt src_sk bytes >>=? fun signature ->
+  Client_keys.sign
+    cctxt src_sk ~watermark:Generic_operation bytes >>=? fun signature ->
  originate cctxt ~block ~signature bytes

 let wait_for_operation_inclusion
--- a/src/proto_alpha/lib_protocol/src/baking.ml
+++ b/src/proto_alpha/lib_protocol/src/baking.ml
@ -270,7 +270,7 @@ let check_proof_of_work_stamp ctxt block =
 let check_signature block key =
  let check_signature key { Block_header.protocol_data ; shell ; signature } =
    let unsigned_header = Block_header.forge_unsigned shell protocol_data in
-    Signature.check key signature unsigned_header in
+    Signature.check ~watermark:Block_header key signature unsigned_header in
  if check_signature key block then
    return ()
  else
--- a/src/proto_alpha/lib_protocol/src/operation_repr.ml
+++ b/src/proto_alpha/lib_protocol/src/operation_repr.ml
@ -482,9 +482,21 @@ let check_signature key { shell ; contents ; signature } =
  | Anonymous_operations _, _ -> return ()
  | Sourced_operations _, None ->
      fail Missing_signature
-  | Sourced_operations _, Some signature ->
+  | Sourced_operations (Consensus_operation _), Some signature ->
+      (* Safe for baking *)
      let unsigned_operation = forge shell contents in
-      if Signature.check key signature unsigned_operation then
+      if Signature.check
+          ~watermark:Endorsement
+          key signature unsigned_operation then
+        return ()
+      else
+        fail Invalid_signature
+  | Sourced_operations _, Some signature ->
+      (* Unsafe for baking *)
+      let unsigned_operation = forge shell contents in
+      if Signature.check
+          ~watermark:Generic_operation
+          key signature unsigned_operation then
        return ()
      else
        fail Invalid_signature
--- a/src/proto_alpha/lib_protocol/test/helpers/helpers_operation.ml
+++ b/src/proto_alpha/lib_protocol/test/helpers/helpers_operation.ml
@ -95,23 +95,22 @@ let endorsement_full ?(slot = 0) block level =
  sourced
  @@ Consensus_operation (endorsements block level ~slot)

-
 let sign src oph protop =
-  let signature_content = Operation.forge oph protop in
-  let signature = match src with
-    | None -> None
-    | Some(src: Helpers_account.t) -> Some (Signature.sign src.ppk signature_content) in
-  let open Data_encoding in
-  let signed_proto_operation_encoding =
-    Data_encoding.merge_objs
-      Operation.proto_operation_encoding
-      (obj1 @@ varopt "signature" Signature.encoding) in
-  let proto_bytes =
-    Data_encoding.Binary.to_bytes_exn
-      signed_proto_operation_encoding
-      (protop, signature) in
-  (proto_bytes, signature)
-
+  let watermark =
+    match protop with
+    | Proto_alpha.Alpha_context.Anonymous_operations _ -> None
+    | Proto_alpha.Alpha_context.Sourced_operations
+        (Proto_alpha.Alpha_context.Consensus_operation (Endorsements _)) ->
+        Some Signature.Endorsement
+    | _ ->
+        Some Generic_operation in
+  let bytes = Operation.forge oph protop in
+  match src with
+  | None -> bytes, None
+  | Some src ->
+      let signature =
+        Signature.sign ?watermark src.Helpers_account.ppk bytes in
+      Signature.concat bytes signature, Some signature

 let main_of_proto (src: Helpers_account.t) operation_header protocol_operation =
  let (proto,_) = sign (Some src) operation_header protocol_operation in
@ -121,7 +120,6 @@ let main_of_proto (src: Helpers_account.t) operation_header protocol_operation =
  Proto_alpha.Main.parse_operation hash data_operation >>? fun op ->
  ok (op, hash)

-
 let apply_of_proto
    (source: Helpers_account.t option) operation_header protocol_operation =
  let (_proto, signature) = sign source operation_header protocol_operation in