refactor: sign only block's header, not the whole payload

Signed-off-by: Marin Veršić <marin.versic101@gmail.com>
hyperledger-iroha · Aug 22, 2024 · dd9abdc · dd9abdc
1 parent 9e8c35d
commit dd9abdc
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 13 deletions.
diff --git a/core/src/block.rs b/core/src/block.rs
@@ -295,7 +295,7 @@ mod valid {
             };
 
             leader_signature
-                .verify(topology.leader().public_key(), block.payload())
+                .verify(topology.leader().public_key(), &block.payload().header)
                 .map_err(|_err| SignatureVerificationError::LeaderMissing)?;
             Ok(())
         }
@@ -332,7 +332,7 @@ mod valid {
                         .ok_or(SignatureVerificationError::UnknownSignatory)?;
 
                     signature
-                        .verify(signatory.public_key(), block.payload())
+                        .verify(signatory.public_key(), &block.payload().header)
                         .map_err(|_err| SignatureVerificationError::UnknownSignature)?;
 
                     Ok(())
@@ -386,7 +386,7 @@ mod valid {
             };
 
             proxy_tail_signature
-                .verify(topology.proxy_tail().public_key(), block.payload())
+                .verify(topology.proxy_tail().public_key(), &block.payload().header)
                 .map_err(|_err| SignatureVerificationError::ProxyTailMissing)?;
 
             Ok(())
@@ -772,7 +772,7 @@ mod valid {
         };
         signature
             .1
-            .verify(&genesis_account.signatory, block.payload())
+            .verify(&genesis_account.signatory, &block.payload().header)
             .map_err(|_| InvalidGenesisError::InvalidSignature)?;
 
         let transactions = block.payload().transactions.as_slice();
@@ -811,7 +811,10 @@ mod valid {
                 .skip(1)
                 .filter(|(i, _)| *i != 4) // Skip proxy tail
                 .map(|(i, key_pair)| {
-                    BlockSignature(i as u64, SignatureOf::new(key_pair.private_key(), &payload))
+                    BlockSignature(
+                        i as u64,
+                        SignatureOf::new(key_pair.private_key(), &payload.header),
+                    )
                 })
                 .try_for_each(|signature| block.add_signature(signature, &topology))
                 .expect("Failed to add signatures");
@@ -879,7 +882,10 @@ mod valid {
                 .skip(1)
                 .filter(|(i, _)| *i != 4) // Skip proxy tail
                 .map(|(i, key_pair)| {
-                    BlockSignature(i as u64, SignatureOf::new(key_pair.private_key(), &payload))
+                    BlockSignature(
+                        i as u64,
+                        SignatureOf::new(key_pair.private_key(), &payload.header),
+                    )
                 })
                 .try_for_each(|signature| block.add_signature(signature, &topology))
                 .expect("Failed to add signatures");

diff --git a/data_model/src/block.rs b/data_model/src/block.rs
@@ -113,7 +113,7 @@ mod model {
         /// Index of the peer in the topology
         pub u64,
         /// Payload
-        pub SignatureOf<BlockPayload>,
+        pub SignatureOf<BlockHeader>,
     );
 
     /// Signed block
@@ -159,7 +159,10 @@ impl BlockPayload {
     /// Create new signed block, using `key_pair` to sign `payload`
     #[cfg(feature = "transparent_api")]
     pub fn sign(self, private_key: &iroha_crypto::PrivateKey) -> SignedBlock {
-        let signatures = vec![BlockSignature(0, SignatureOf::new(private_key, &self))];
+        let signatures = vec![BlockSignature(
+            0,
+            SignatureOf::new(private_key, &self.header),
+        )];
 
         SignedBlockV1 {
             signatures,
@@ -232,7 +235,7 @@ impl SignedBlock {
             ));
         }
 
-        signature.1.verify(public_key, self.payload())?;
+        signature.1.verify(public_key, &self.payload().header)?;
 
         let SignedBlock::V1(block) = self;
         block.signatures.push(signature);
@@ -257,7 +260,7 @@ impl SignedBlock {
 
         block.signatures.push(BlockSignature(
             signatory as u64,
-            SignatureOf::new(private_key, &block.payload),
+            SignatureOf::new(private_key, &block.payload.header),
         ));
     }
 
@@ -296,7 +299,7 @@ impl SignedBlock {
             transactions,
         };
 
-        let signature = BlockSignature(0, SignatureOf::new(genesis_private_key, &payload));
+        let signature = BlockSignature(0, SignatureOf::new(genesis_private_key, &payload.header));
         SignedBlockV1 {
             signatures: vec![signature],
             payload,

diff --git a/docs/source/references/schema.json b/docs/source/references/schema.json
@@ -724,7 +724,7 @@
   "BlockSignature": {
     "Tuple": [
       "u64",
-      "SignatureOf<BlockPayload>"
+      "SignatureOf<BlockHeader>"
     ]
   },
   "BlockStatus": {
@@ -3947,7 +3947,7 @@
       }
     ]
   },
-  "SignatureOf<BlockPayload>": "Signature",
+  "SignatureOf<BlockHeader>": "Signature",
   "SignatureOf<QueryRequestWithAuthority>": "Signature",
   "SignatureOf<TransactionPayload>": "Signature",
   "SignedBlock": {