-
Notifications
You must be signed in to change notification settings - Fork 122
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Incorrect certificate validation #717
Comments
@plebhash is picking this one 🔥 |
This comment was marked as duplicate.
This comment was marked as duplicate.
It seems I can only assign you an issue if you comment back on it 😄 We have to add you to organizaiton or repo. |
sounds good! just send me an invite and I'll gladly accept it |
@Sjors while I'm still not at a testing stage, it seems I'll eventually need to test SRI against your Bitcoin Core fork on a specific commit. I'm looking at Sjors/bitcoin#29 and your last comment says:
Could you confirm this is the main PR? bitcoin/bitcoin#29346 I'm not finding the revert commit, thus the confusion. |
Another question to @Sjors: I built
|
question to @Fi3 : as stated by @Sjors:
So that means we need to fix this line, correct?
but where would I can see two potential paths, but please correct me if I'm missing something:
|
@plebhash sorry for the confusion here:
You should write the fix on top of #737 and test it with (2). Otherwise you'll probably have to fix a merge conflict after #737 is merged. The branch You indeed need to pass both the authority key and the static key into the verification function. I'm not much of a Rust guru, so no opinion on how to do that. |
thanks for the clarification @Sjors so for TP I built On SRI side I pulled @lorbax fork and checked out
On the - let m = Message::from_hashed_data::<sha256::Hash>(&m[0..10]);
+ let m = [&m[0..10], &pk.serialize()].concat();
+ let m = Message::from_hashed_data::<sha256::Hash>(&m); I also changed - pub fn verify(self, pk: &XOnlyPublicKey) -> bool {
+ pub fn verify(self, pk: &XOnlyPublicKey, authority_pk: &XOnlyPublicKey) -> bool { But if I try to call - secp.verify_schnorr(&s, &m, pk).is_ok()
+ secp.verify_schnorr(&s, &m, authority_pk).is_ok() the pool still breaks with the same error:
while if I simply call IIUC, we expect Changes to SRI can be found at plebhash@bdc3880 |
My revert commit was missing a spot (in |
thanks! just to confirm: in order to have a TP with correct certificate behavior, I should check out
is that correct? after doing the above, signature verification breaks both against but as pointed out by @Sjors here plebhash@bdc3880#r138457380 maybe |
The specific hash you need to revert may change as I push updates to the 2024/02/sv2-poll-ellswift branch. The commits you'll want to revert are called "[Temporarily break certificate generation and validation]" and "[Temporarily use previous noise protocol name]". Can you open a (draft) PR with your change? That makes it easier to comment on it. |
I left a more elaborate comment on your commit: plebhash@bdc3880#r138462734 My guess / hope is that you didn't set the right authority key in your config file... |
I found a bug on my end where it kept replacing the static and authority key files. Fixed in the latest push. I also get an invalid certificate error. I'll do some more digging. |
Also don't forget to make the same changes to Another issue I found is that the Pool role, which I currently use for testing this, doesn't have a So you need to add in pub struct Configuration {
pub listen_address: String,
pub tp_address: String,
pub tp_authority_pub_key: Secp256k1PublicKey, And then use That still doesn't fix it for me though... |
Oops, I was logging the static key instead of the authority key. In the process of debugging I added some log statements to make sure:
|
@Sjors does this still hold true? I cannot find any commit with |
Ok that clarifies the |
That one is no longer needed, as long as you rebase on #737 and use the latest 2024/02/sv2-poll-ellswift branch on the Bitcoin Core side. Sorry for the chaos. |
Bitcoin Core puts it in the log when you start with |
The reason I suggest adding a new
|
Currently the pool role (and presumably other roles) incorrectly verifies the Template Provider authority key (and presumable other upstream keys).
https://github.com/stratum-mining/sv2-spec/blob/main/04-Protocol-Security.md#453-server-authentication
The checks happen here:
stratum/protocols/v2/noise-sv2/src/signature_message.rs
Lines 26 to 40 in 3f07a6a
The spec requires that
server_public_key
(the upstream static key) is included in the signature hash, butm
only covers the 10 bytes of theSIGNATURE_NOISE_MESSAGE
. It needs to append the server static public.The message should be signed by the authority key, but it's actually being checked against the static key.
The Template Provider in Bitcoin Core generated signatures with the same two issues. I fixed the bug, but then put in a workaround to re-introduce the bug. That way things keep working.
A fix for the Bitcoin Core side is here: Sjors/bitcoin#29
I'll merge that once the SRI-side is fixed.
The text was updated successfully, but these errors were encountered: