refactor: sign only block's header, not the whole payload (#5000)

Signed-off-by: Marin Veršić <marin.versic101@gmail.com>

core/src/block.rs

@@ -304,7 +304,7 @@ mod valid {
             };
 
             leader_signature
-                .verify(topology.leader().public_key(), block.payload())
+                .verify(topology.leader().public_key(), &block.payload().header)
                 .map_err(|_err| SignatureVerificationError::LeaderMissing)?;
             Ok(())
         }
@@ -341,7 +341,7 @@ mod valid {
                         .ok_or(SignatureVerificationError::UnknownSignatory)?;
 
                     signature
-                        .verify(signatory.public_key(), block.payload())
+                        .verify(signatory.public_key(), &block.payload().header)
                         .map_err(|_err| SignatureVerificationError::UnknownSignature)?;
 
                     Ok(())
@@ -395,7 +395,7 @@ mod valid {
             };
 
             proxy_tail_signature
-                .verify(topology.proxy_tail().public_key(), block.payload())
+                .verify(topology.proxy_tail().public_key(), &block.payload().header)
                 .map_err(|_err| SignatureVerificationError::ProxyTailMissing)?;
 
             Ok(())
@@ -782,7 +782,7 @@ mod valid {
         };
         signature
             .1
-            .verify(&genesis_account.signatory, block.payload())
+            .verify(&genesis_account.signatory, &block.payload().header)
             .map_err(|_| InvalidGenesisError::InvalidSignature)?;
 
         let transactions = block.payload().transactions.as_slice();
@@ -821,7 +821,10 @@ mod valid {
                 .skip(1)
                 .filter(|(i, _)| *i != 4) // Skip proxy tail
                 .map(|(i, key_pair)| {
-                    BlockSignature(i as u64, SignatureOf::new(key_pair.private_key(), &payload))
+                    BlockSignature(
+                        i as u64,
+                        SignatureOf::new(key_pair.private_key(), &payload.header),
+                    )
                 })
                 .try_for_each(|signature| block.add_signature(signature, &topology))
                 .expect("Failed to add signatures");
@@ -889,7 +892,10 @@ mod valid {
                 .skip(1)
                 .filter(|(i, _)| *i != 4) // Skip proxy tail
                 .map(|(i, key_pair)| {
-                    BlockSignature(i as u64, SignatureOf::new(key_pair.private_key(), &payload))
+                    BlockSignature(
+                        i as u64,
+                        SignatureOf::new(key_pair.private_key(), &payload.header),
+                    )
                 })
                 .try_for_each(|signature| block.add_signature(signature, &topology))
                 .expect("Failed to add signatures");

data_model/src/block.rs

@@ -115,7 +115,7 @@ mod model {
         /// Index of the peer in the topology
         pub u64,
         /// Payload
-        pub SignatureOf<BlockPayload>,
+        pub SignatureOf<BlockHeader>,
     );
 
     /// Signed block
@@ -167,7 +167,10 @@ impl BlockPayload {
     /// Create new signed block, using `key_pair` to sign `payload`
     #[cfg(feature = "transparent_api")]
     pub fn sign(self, private_key: &iroha_crypto::PrivateKey) -> SignedBlock {
-        let signatures = vec![BlockSignature(0, SignatureOf::new(private_key, &self))];
+        let signatures = vec![BlockSignature(
+            0,
+            SignatureOf::new(private_key, &self.header),
+        )];
 
         SignedBlockV1 {
             signatures,
@@ -238,7 +241,7 @@ impl SignedBlock {
             ));
         }
 
-        signature.1.verify(public_key, self.payload())?;
+        signature.1.verify(public_key, &self.payload().header)?;
 
         let SignedBlock::V1(block) = self;
         block.signatures.push(signature);
@@ -263,7 +266,7 @@ impl SignedBlock {
 
         block.signatures.push(BlockSignature(
             signatory as u64,
-            SignatureOf::new(private_key, &block.payload),
+            SignatureOf::new(private_key, &block.payload.header),
         ));
     }
 
@@ -303,7 +306,7 @@ impl SignedBlock {
             event_recommendations: vec![],
         };
 
-        let signature = BlockSignature(0, SignatureOf::new(genesis_private_key, &payload));
+        let signature = BlockSignature(0, SignatureOf::new(genesis_private_key, &payload.header));
         SignedBlockV1 {
             signatures: vec![signature],
             payload,

docs/source/references/schema.json

@@ -647,7 +647,7 @@
   "BlockSignature": {
     "Tuple": [
       "u64",
-      "SignatureOf<BlockPayload>"
+      "SignatureOf<BlockHeader>"
     ]
   },
   "BlockStatus": {
@@ -3673,7 +3673,7 @@
       }
     ]
   },
-  "SignatureOf<BlockPayload>": "Signature",
+  "SignatureOf<BlockHeader>": "Signature",
   "SignatureOf<ClientQueryPayload>": "Signature",
   "SignatureOf<TransactionPayload>": "Signature",
   "SignedBlock": {

schema/gen/src/lib.rs

@@ -351,7 +351,7 @@ types!(
     SetKeyValueBox,
     SetParameter,
     Signature,
-    SignatureOf<BlockPayload>,
+    SignatureOf<BlockHeader>,
     SignatureOf<ClientQueryPayload>,
     SignatureOf<TransactionPayload>,
     SignedBlock,