chore: reverse bytes in extension and require 32 bytes for RAW

dashpay · Jan 4, 2024 · 3b9f869 · 3b9f869
1 parent 78eb049
commit 3b9f869
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 7 deletions.
diff --git a/proto/tendermint/abci/types.proto b/proto/tendermint/abci/types.proto
@@ -666,6 +666,8 @@ message ExtendVoteExtension {
   // The Tenderdash supports only THRESHOLD_RECOVER and THRESHOLD_RECOVER_RAW at this moment.
   tendermint.types.VoteExtensionType type = 1;
   // Deterministic or (Non-Deterministic) extension provided by the sending validator's Application.
+  //
+  // For THRESHOLD_RECOVER_RAW, it MUST be 32 bytes.
   bytes extension = 2;
   // Sign request ID that will be used to sign the vote extensions.
   // Only applicable for THRESHOLD_RECOVER_RAW vote extension type.

diff --git a/proto/tendermint/types/dash.go b/proto/tendermint/types/dash.go
@@ -5,6 +5,7 @@ import (
 	"errors"
 	fmt "fmt"
 
+	"github.com/dashpay/tenderdash/crypto"
 	"github.com/dashpay/tenderdash/crypto/bls12381"
 )
 
@@ -105,6 +106,13 @@ func (v *VoteExtension) Validate() error {
 		return fmt.Errorf("vote extension type %s is not supported", v.Type.String())
 	}
 
+	if v.Type == VoteExtensionType_THRESHOLD_RECOVER_RAW {
+		if len(v.Extension) != crypto.HashSize {
+			return fmt.Errorf("invalid %s vote extension size: got %d, expected %d",
+				v.Type.String(), len(v.Extension), crypto.HashSize)
+		}
+	}
+
 	if len(v.Extension) > 0 && len(v.Signature) == 0 {
 		return errExtensionSignEmpty
 	}

diff --git a/types/vote_extension.go b/types/vote_extension.go
@@ -463,17 +463,22 @@ func (e ThresholdRawVoteExtension) SignItem(_ string, height int64, round int32,
 		}
 	}
 
-	// ensure signBytes is 32 bytes long
-	signBytes := make([]byte, crypto.DefaultHashSize)
-	copy(signBytes, ext.Extension)
+	// ensure Extension is 32 bytes long
+	if len(ext.Extension) != crypto.DefaultHashSize {
+		return crypto.SignItem{}, fmt.Errorf("invalid vote extension %s %X: extension must be %d bytes long",
+			ext.Type.String(), ext.Extension, crypto.DefaultHashSize)
+	}
+
+	// We sign extension as it is, without any hashing, etc.
+	// However, as it is reversed in SignItem.UpdateSignHash, we need to reverse it also here to undo
+	// that reversal.
+	msgHash := tmbytes.Reverse(ext.Extension)
 
-	signItem, err := crypto.NewSignItemFromHash(quorumType, quorumHash, signRequestID, signBytes), nil
+	signItem, err := crypto.NewSignItemFromHash(quorumType, quorumHash, signRequestID, msgHash), nil
 	if err != nil {
 		return crypto.SignItem{}, err
 	}
-	// we do not reverse fields when calculating SignHash for vote extensions
-	// signItem.UpdateSignHash(false)
-	signItem.Raw = ext.Extension
+	signItem.Msg = ext.Extension
 
 	return signItem, nil
 }