Skip to content
This repository has been archived by the owner on Dec 3, 2024. It is now read-only.

Commit

Permalink
sec: add poz verifier to check all the proof ops (#3)
Browse files Browse the repository at this point in the history
  • Loading branch information
yutianwu authored Mar 2, 2023
1 parent 6b32134 commit 72375a6
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 5 deletions.
14 changes: 10 additions & 4 deletions crypto/merkle/proof.go
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ type ProofOperator interface {
type ProofOperators []ProofOperator

type ProofOpVerifier func(ProofOperator) error
type ProofOpsVerifier func(ProofOperators) error

func (poz ProofOperators) VerifyValue(root []byte, keypath string, value []byte, verifiers ...ProofOpVerifier) (err error) {
return poz.Verify(root, keypath, [][]byte{value}, verifiers...)
Expand Down Expand Up @@ -117,21 +118,26 @@ func (prt *ProofRuntime) DecodeProof(proof *Proof) (ProofOperators, error) {
return poz, nil
}

func (prt *ProofRuntime) VerifyValue(proof *Proof, root []byte, keypath string, value []byte, verifiers ...ProofOpVerifier) (err error) {
return prt.Verify(proof, root, keypath, [][]byte{value}, verifiers...)
func (prt *ProofRuntime) VerifyValue(proof *Proof, root []byte, keypath string, value []byte, pozVerifier ProofOpsVerifier, verifiers ...ProofOpVerifier) (err error) {
return prt.Verify(proof, root, keypath, [][]byte{value}, pozVerifier, verifiers...)
}

// TODO In the long run we'll need a method of classifcation of ops,
// whether existence or absence or perhaps a third?
func (prt *ProofRuntime) VerifyAbsence(proof *Proof, root []byte, keypath string, verifiers ...ProofOpVerifier) (err error) {
return prt.Verify(proof, root, keypath, nil, verifiers...)
return prt.Verify(proof, root, keypath, nil, nil, verifiers...)
}

func (prt *ProofRuntime) Verify(proof *Proof, root []byte, keypath string, args [][]byte, verifiers ...ProofOpVerifier) (err error) {
func (prt *ProofRuntime) Verify(proof *Proof, root []byte, keypath string, args [][]byte, pozVerifier ProofOpsVerifier, verifiers ...ProofOpVerifier) (err error) {
poz, err := prt.DecodeProof(proof)
if err != nil {
return cmn.ErrorWrap(err, "decoding proof")
}
if pozVerifier != nil {
if err := pozVerifier(poz); err != nil {
return err
}
}
return poz.Verify(root, keypath, args, verifiers...)
}

Expand Down
3 changes: 2 additions & 1 deletion lite/proxy/query_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@ func kvstoreTx(k, v []byte) []byte {

// TODO: enable it after general proof format has been adapted
// in abci/examples/kvstore.go
//
//nolint:unused,deadcode
func _TestAppProofs(t *testing.T) {
assert, require := assert.New(t), require.New(t)
Expand Down Expand Up @@ -108,7 +109,7 @@ func _TestAppProofs(t *testing.T) {
require.Equal(height, brh)

assert.EqualValues(v, bs)
err = prt.VerifyValue(proof, rootHash, string(k), bs) // XXX key encoding
err = prt.VerifyValue(proof, rootHash, string(k), bs, nil) // XXX key encoding
assert.NoError(err, "%#v", err)

// Test non-existing key.
Expand Down

0 comments on commit 72375a6

Please sign in to comment.