diff --git a/commit/merkleroot/rmn/controller_test.go b/commit/merkleroot/rmn/controller_test.go index c9fd9c5a..e1f3a25f 100644 --- a/commit/merkleroot/rmn/controller_test.go +++ b/commit/merkleroot/rmn/controller_test.go @@ -415,15 +415,11 @@ func TestClient_ComputeReportSignatures(t *testing.T) { const numNodes = 8 rmnNodes := make([]rmntypes.HomeNodeInfo, numNodes) for i := 0; i < numNodes; i++ { - // deterministically create a public key by seeding with a 32char string. - publicKey, _, err := ed25519.GenerateKey( - strings.NewReader(strconv.Itoa(i) + strings.Repeat("x", 31))) - require.NoError(t, err) rmnNodes[i] = rmntypes.HomeNodeInfo{ ID: rmntypes.NodeID(i + 1), PeerID: [32]byte{1, 2, 3}, SupportedSourceChains: mapset.NewSet(chainS1, chainS2), - OffchainPublicKey: &publicKey, + OffchainPublicKey: getDeterministicPubKey(t), } } @@ -648,7 +644,7 @@ func Test_controller_validateSignedObservationResponse(t *testing.T) { { ID: 20, SupportedSourceChains: mapset.NewSet[cciptypes.ChainSelector](cciptypes.ChainSelector(2)), - OffchainPublicKey: &ed25519.PublicKey{}, + OffchainPublicKey: getDeterministicPubKey(t), }, }, }, @@ -743,6 +739,14 @@ func Test_newRequestID(t *testing.T) { } } +func getDeterministicPubKey(t *testing.T) *ed25519.PublicKey { + // deterministically create a public key by seeding with a 32char string. + publicKey, _, err := ed25519.GenerateKey( + strings.NewReader(strconv.Itoa(1) + strings.Repeat("x", 31))) + require.NoError(t, err) + return &publicKey +} + func (ts *testSetup) waitForObservationRequestsToBeSent( rmnClient *mockPeerClient, homeF int, diff --git a/commit/merkleroot/rmn/crypto.go b/commit/merkleroot/rmn/crypto.go index 00d7be2c..e43321d6 100644 --- a/commit/merkleroot/rmn/crypto.go +++ b/commit/merkleroot/rmn/crypto.go @@ -47,6 +47,12 @@ func verifyObservationSignature( msg := append([]byte(signedObservationPrefix), observationBytesSha256[:]...) msgSha256 := sha256.Sum256(msg) + if rmnNode.OffchainPublicKey == nil { + return fmt.Errorf("node %d has no offchain public key", rmnNode.ID) + } + if len(*rmnNode.OffchainPublicKey) != ed25519.PublicKeySize { + return fmt.Errorf("node %d has an invalid offchain public key", rmnNode.ID) + } isValid := verifier.Verify(*rmnNode.OffchainPublicKey, msgSha256[:], signedObs.Signature) if !isValid { return fmt.Errorf("observation signature does not match node %d public key", rmnNode.ID)