@@ -156,9 +156,15 @@ func (sr *subroundEndRound) receivedInvalidSignersInfo(_ context.Context, cnsDta
156156 return false
157157 }
158158
159- invalidSignersPubKeys , err := sr .verifyInvalidSigners (cnsDta .InvalidSigners )
159+ invalidSignersPubKeys , err := sr .verifyInvalidSigners (cnsDta .BlockHeaderHash , cnsDta . InvalidSigners )
160160 if err != nil {
161161 log .Trace ("receivedInvalidSignersInfo.verifyInvalidSigners" , "error" , err .Error ())
162+
163+ if errors .Is (err , ErrValidSignatureFromInvalidSigner ) {
164+ originatorPeer := core .PeerID (cnsDta .OriginatorPid )
165+ sr .applyBlacklistOnNode (originatorPeer )
166+ }
167+
162168 return false
163169 }
164170
@@ -175,7 +181,10 @@ func (sr *subroundEndRound) receivedInvalidSignersInfo(_ context.Context, cnsDta
175181 return true
176182}
177183
178- func (sr * subroundEndRound ) verifyInvalidSigners (invalidSigners []byte ) ([]string , error ) {
184+ func (sr * subroundEndRound ) verifyInvalidSigners (
185+ headerHash []byte ,
186+ invalidSigners []byte ,
187+ ) ([]string , error ) {
179188 messages , err := sr .MessageSigningHandler ().Deserialize (invalidSigners )
180189 if err != nil {
181190 return nil , err
@@ -187,7 +196,7 @@ func (sr *subroundEndRound) verifyInvalidSigners(invalidSigners []byte) ([]strin
187196
188197 pubKeys := make ([]string , 0 , len (messages ))
189198 for _ , msg := range messages {
190- pubKey , errVerify := sr .verifyInvalidSigner (msg )
199+ pubKey , errVerify := sr .verifyInvalidSigner (headerHash , msg )
191200 if errVerify != nil {
192201 return nil , errVerify
193202 }
@@ -200,18 +209,30 @@ func (sr *subroundEndRound) verifyInvalidSigners(invalidSigners []byte) ([]strin
200209 return pubKeys , nil
201210}
202211
203- func (sr * subroundEndRound ) verifyInvalidSigner (msg p2p.MessageP2P ) (string , error ) {
204- err := sr .MessageSigningHandler ().Verify (msg )
212+ func (sr * subroundEndRound ) verifyInvalidSigner (
213+ headerHash []byte ,
214+ msg p2p.MessageP2P ,
215+ ) (string , error ) {
216+ cnsMsg := & consensus.Message {}
217+ err := sr .Marshalizer ().Unmarshal (cnsMsg , msg .Data ())
205218 if err != nil {
206219 return "" , err
207220 }
208221
209- cnsMsg := & consensus.Message {}
210- err = sr .Marshalizer ().Unmarshal (cnsMsg , msg .Data ())
222+ msgType := consensus .MessageType (cnsMsg .MsgType )
223+ if ! sr .MessagesHandler ().IsMessageWithSignature (msgType ) {
224+ return "" , spos .ErrInvalidMessageType
225+ }
226+
227+ err = sr .MessageSigningHandler ().Verify (msg )
211228 if err != nil {
212229 return "" , err
213230 }
214231
232+ if ! bytes .Equal (headerHash , cnsMsg .BlockHeaderHash ) {
233+ return "" , ErrHeaderHashMismatch
234+ }
235+
215236 err = sr .SigningHandler ().VerifySingleSignature (cnsMsg .PubKey , cnsMsg .BlockHeaderHash , cnsMsg .SignatureShare )
216237 if err != nil {
217238 log .Debug ("verifyInvalidSigner: confirmed that node provided invalid signature" ,
@@ -575,9 +596,10 @@ func (sr *subroundEndRound) clearJobDoneForUnVerifiedSignatures(pubKeys []string
575596
576597func (sr * subroundEndRound ) getFullMessagesForInvalidSigners (invalidPubKeys []string ) ([]byte , error ) {
577598 p2pMessages := make ([]p2p.MessageP2P , 0 )
599+ headerHash := sr .GetData ()
578600
579601 for _ , pk := range invalidPubKeys {
580- p2pMsg , ok := sr .GetMessageWithSignature (pk )
602+ p2pMsg , ok := sr .GetMessageWithSignature (spos . SignatureMessageKey ( headerHash , pk ) )
581603 if ! ok {
582604 log .Trace ("message not found in state for invalid signer" , "pubkey" , pk )
583605 continue
0 commit comments