From 72375a6f3d4a72831cc65e73363db89a0073db38 Mon Sep 17 00:00:00 2001
From: yutianwu
Date: Thu, 2 Mar 2023 10:58:13 +0800
Subject: [PATCH] sec: add poz verifier to check all the proof ops (#3)
---
 crypto/merkle/proof.go | 14 ++++++++++----
 lite/proxy/query_test.go | 3 ++-
 2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/crypto/merkle/proof.go b/crypto/merkle/proof.go
index b4fca168a9f..669f6912561 100644
--- a/crypto/merkle/proof.go
+++ b/crypto/merkle/proof.go
@@ -31,6 +31,7 @@ type ProofOperator interface {
 type ProofOperators []ProofOperator
 type ProofOpVerifier func(ProofOperator) error
+type ProofOpsVerifier func(ProofOperators) error
 func (poz ProofOperators) VerifyValue(root []byte, keypath string, value []byte, verifiers ...ProofOpVerifier) (err error) {
 return poz.Verify(root, keypath, [][]byte{value}, verifiers...)
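Review bot: The exported type `ProofOpsVerifier` added after `ProofOpVerifier` has no doc comment, and nothing in this hunk says when it is called or what a non-nil return means. Judging from the `ProofRuntime.Verify` change later in this patch, it is called once on the whole decoded operator slice before `poz.Verify` runs, and its error rejects the proof. I would add `// ProofOpsVerifier checks the complete decoded chain of proof operators before any of them is run; a non-nil error rejects the proof.` above the type. The `ProofOperators.VerifyValue` context line below it still takes only per-operator verifiers, so callers that decode and then verify on `ProofOperators` directly appear not to get the chain-level check; its body continues outside the hunk.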
@@ -117,21 +118,26 @@ func (prt *ProofRuntime) DecodeProof(proof *Proof) (ProofOperators, error) {
 return poz, nil
 }
-func (prt *ProofRuntime) VerifyValue(proof *Proof, root []byte, keypath string, value []byte, verifiers ...ProofOpVerifier) (err error) {
- return prt.Verify(proof, root, keypath, [][]byte{value}, verifiers...)
+func (prt *ProofRuntime) VerifyValue(proof *Proof, root []byte, keypath string, value []byte, pozVerifier ProofOpsVerifier, verifiers ...ProofOpVerifier) (err error) {
+ return prt.Verify(proof, root, keypath, [][]byte{value}, pozVerifier, verifiers...)
 }
 // TODO In the long run we'll need a method of classifcation of ops,
 // whether existence or absence or perhaps a third?
 func (prt *ProofRuntime) VerifyAbsence(proof *Proof, root []byte, keypath string, verifiers ...ProofOpVerifier) (err error) {
- return prt.Verify(proof, root, keypath, nil, verifiers...)
+ return prt.Verify(proof, root, keypath, nil, nil, verifiers...)
 }
-func (prt *ProofRuntime) Verify(proof *Proof, root []byte, keypath string, args [][]byte, verifiers ...ProofOpVerifier) (err error) {
+func (prt *ProofRuntime) Verify(proof *Proof, root []byte, keypath string, args [][]byte, pozVerifier ProofOpsVerifier, verifiers ...ProofOpVerifier) (err error) {
 poz, err := prt.DecodeProof(proof)
 if err != nil {
 return cmn.ErrorWrap(err, "decoding proof")
 }
+ if pozVerifier != nil {
+ if err := pozVerifier(poz); err != nil {
+ return err
+ }
+ }
 return poz.Verify(root, keypath, args, verifiers...)
 }
diff --git a/lite/proxy/query_test.go b/lite/proxy/query_test.go
index db2b6e46c0e..8508a109d6a 100644
--- a/lite/proxy/query_test.go
+++ b/lite/proxy/query_test.go
@@ -42,6 +42,7 @@ func kvstoreTx(k, v []byte) []byte {
 // TODO: enable it after general proof format has been adapted
 // in abci/examples/kvstore.go
+//
 //nolint:unused,deadcode
 func _TestAppProofs(t *testing.T) {
 assert, require := assert.New(t), require.New(t)
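Review bot: `VerifyAbsence` hard-codes `nil` for the new `pozVerifier` argument, so absence proofs never go through the chain-level check that `VerifyValue` callers can now supply. If the check exists to reject malformed operator chains, the absence path needs it too: give it the same parameter, `func (prt *ProofRuntime) VerifyAbsence(proof *Proof, root []byte, keypath string, pozVerifier ProofOpsVerifier, verifiers ...ProofOpVerifier) (err error)`, and forward it with `return prt.Verify(proof, root, keypath, nil, pozVerifier, verifiers...)`. In `Verify`, a nil `pozVerifier` silently skips the check, so the control is fail-open for any caller that passes `nil` only to satisfy the new signature; a doc comment on `Verify` should say so explicitly. The verifier's error is also returned bare while the decode error above it is wrapped; `return cmn.ErrorWrap(err, "verifying proof ops")` would keep the two consistent.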
@@ -108,7 +109,7 @@ func _TestAppProofs(t *testing.T) {
 require.Equal(height, brh)
 assert.EqualValues(v, bs)
- err = prt.VerifyValue(proof, rootHash, string(k), bs) // XXX key encoding
+ err = prt.VerifyValue(proof, rootHash, string(k), bs, nil) // XXX key encoding
 assert.NoError(err, "%#v", err)
 // Test non-existing key.
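Review bot: Nothing in this patch exercises the new `pozVerifier` branch of `ProofRuntime.Verify`: the only updated call site passes `nil`, and it sits in `_TestAppProofs`, which the TODO in the earlier hunk of this file marks as not yet enabled. A small test in `crypto/merkle` that passes a `ProofOpsVerifier` returning an error and asserts that `Verify` returns that error, plus one with an accepting verifier, would pin the behaviour the commit is adding. The body of `_TestAppProofs` continues outside the hunk.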