Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix panic in Babe when the sr25519 public key is invalid #1344

Merged
merged 2 commits into from
Nov 16, 2023
Merged
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
Fix panic in Babe when the sr25519 public key is invalid
tomaka committed Nov 16, 2023
commit 736ab792e806e48e9d7191a7cdcfe3c227bbfc10
9 changes: 4 additions & 5 deletions lib/src/verify/babe.rs
Original file line number Diff line number Diff line change
@@ -213,6 +213,8 @@ pub enum VerifyError {
InvalidBabeParametersChange(chain_information::BabeValidityError),
/// Authority index stored within block is out of range.
InvalidAuthorityIndex,
/// Public key used to for the signature is invalid.
BadPublicKey,
/// Block header signature is invalid.
BadSignature,
/// VRF proof in the block header is invalid.
@@ -452,12 +454,9 @@ pub fn verify_header(config: VerifyConfig) -> Result<VerifySuccess, VerifyError>
.nth(usize::try_from(authority_index).map_err(|_| VerifyError::InvalidAuthorityIndex)?)
.ok_or(VerifyError::InvalidAuthorityIndex)?;

// This `unwrap()` can only panic if `public_key` is the wrong length, which we know can't
// happen as it's of type `[u8; 32]`.
let signing_public_key = schnorrkel::PublicKey::from_bytes(signing_authority.public_key)
.unwrap_or_else(|_| unreachable!());

// Now verifying the signature in the seal.
let signing_public_key = schnorrkel::PublicKey::from_bytes(signing_authority.public_key)
.map_err(|_| VerifyError::BadPublicKey)?;
signing_public_key
.verify_simple(b"substrate", &pre_seal_hash, &seal_signature)
.map_err(|_| VerifyError::BadSignature)?;
4 changes: 4 additions & 0 deletions wasm-node/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -6,6 +6,10 @@

- Smoldot will now only try opening a maximum of five connections simultaneously, then one per second. This avoids possible situations where a server is being accidentally hammered by smoldot, and avoids potentially making traffic suspicious to some ISPs. ([#1340](https://github.com/smol-dot/smoldot/pull/1340))

### Fixed

- Fix panic when verifying Babe signatures when the invalid SR25519 public key is invalid.

## 2.0.8 - 2023-11-15

### Changed
Loading