Skip to content

Commit d1e285d

Browse files
authored
Merge pull request #7888 from multiversx/merge-master-into-rc/supernova-2026.06.23
Merge master into rc/supernova 2026.06.23
2 parents e758fce + 4134d2a commit d1e285d

24 files changed

Lines changed: 442 additions & 54 deletions

consensus/spos/bls/proxy/subroundsHandler_test.go

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,7 @@ import (
1111

1212
mock2 "github.com/multiversx/mx-chain-go/consensus/mock"
1313
"github.com/multiversx/mx-chain-go/consensus/spos"
14+
"github.com/multiversx/mx-chain-go/consensus/spos/bls"
1415
"github.com/multiversx/mx-chain-go/testscommon"
1516
"github.com/multiversx/mx-chain-go/testscommon/bootstrapperStubs"
1617
"github.com/multiversx/mx-chain-go/testscommon/common"
@@ -87,6 +88,10 @@ func getDefaultArgumentsSubroundHandler() (*SubroundsHandlerArgs, *spos.Consensu
8788
consensusCore.SetEquivalentProofsPool(&dataRetriever.ProofsPoolMock{})
8889
consensusCore.SetEpochNotifier(epochNotifier)
8990
consensusCore.SetInvalidSignersCache(&consensus.InvalidSignersCacheMock{})
91+
92+
messagesHandler, _ := bls.NewConsensusService()
93+
consensusCore.SetMessagesHandler(messagesHandler)
94+
9095
handlerArgs.ConsensusCoreHandler = consensusCore
9196

9297
return handlerArgs, consensusCore

consensus/spos/bls/v1/subroundEndRound.go

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -479,9 +479,10 @@ func (sr *subroundEndRound) verifyNodesOnAggSigFail() ([]string, error) {
479479

480480
func (sr *subroundEndRound) getFullMessagesForInvalidSigners(invalidPubKeys []string) ([]byte, error) {
481481
p2pMessages := make([]p2p.MessageP2P, 0)
482+
headerHash := sr.GetData()
482483

483484
for _, pk := range invalidPubKeys {
484-
p2pMsg, ok := sr.GetMessageWithSignature(pk)
485+
p2pMsg, ok := sr.GetMessageWithSignature(spos.SignatureMessageKey(headerHash, pk))
485486
if !ok {
486487
log.Trace("message not found in state for invalid signer", "pubkey", pk)
487488
continue

consensus/spos/bls/v1/subroundEndRound_test.go

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1720,8 +1720,9 @@ func TestGetFullMessagesForInvalidSigners(t *testing.T) {
17201720
container.SetMessageSigningHandler(messageSigningHandler)
17211721

17221722
sr := initSubroundEndRoundWithContainer(container, &statusHandler.AppStatusHandlerStub{})
1723-
sr.AddMessageWithSignature("B", &p2pmocks.P2PMessageMock{})
1724-
sr.AddMessageWithSignature("C", &p2pmocks.P2PMessageMock{})
1723+
headerHash := sr.GetData()
1724+
sr.AddMessageWithSignature(spos.SignatureMessageKey(headerHash, "B"), &p2pmocks.P2PMessageMock{})
1725+
sr.AddMessageWithSignature(spos.SignatureMessageKey(headerHash, "C"), &p2pmocks.P2PMessageMock{})
17251726

17261727
invalidSigners := []string{"B", "C"}
17271728

consensus/spos/bls/v2/benchmark_send_proof_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -120,7 +120,7 @@ func benchmarkSendProof(b *testing.B, numberOfKeys int) {
120120
// Initialize consensus state with real keys
121121
consensusState := initializers.InitConsensusStateWithArgsVerifySignature(keysHandlerMock, keys)
122122
dataToBeSigned := []byte("block_header_hash_for_benchmark")
123-
consensusState.Data = dataToBeSigned
123+
consensusState.SetData(dataToBeSigned)
124124

125125
ch := make(chan bool, 1)
126126

consensus/spos/bls/v2/benchmark_verify_signatures_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -110,7 +110,7 @@ func BenchmarkSubroundEndRound_VerifyNodesOnAggSigFailTime(b *testing.B) {
110110
container.SetSigningHandler(signingHandler)
111111
consensusState := initializers.InitConsensusStateWithArgsVerifySignature(keysHandlerMock, keys)
112112
dataToBeSigned := []byte("message")
113-
consensusState.Data = dataToBeSigned
113+
consensusState.SetData(dataToBeSigned)
114114

115115
sr := initSubroundEndRoundWithContainerAndConsensusState(container, &statusHandler.AppStatusHandlerStub{}, consensusState)
116116
for i := 0; i < len(sr.ConsensusGroup()); i++ {

consensus/spos/bls/v2/errors.go

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -11,11 +11,14 @@ var ErrTimeOut = errors.New("time is out")
1111
// ErrProofAlreadyPropagated signals that the proof was already propagated
1212
var ErrProofAlreadyPropagated = errors.New("proof already propagated")
1313

14+
// ErrValidSignatureFromInvalidSigner signals that a valid signature was received on invalid signers message
15+
var ErrValidSignatureFromInvalidSigner = errors.New("valid signature from invalid sender")
16+
17+
// ErrHeaderHashMismatch signals that header hash does not match
18+
var ErrHeaderHashMismatch = errors.New("header hash does not match")
19+
1420
// ErrNilRoundSyncController signals that a nil round sync controller has been provided
1521
var ErrNilRoundSyncController = errors.New("nil round sync controller")
1622

1723
// ErrTooManyInvalidSigners signals that too many invalid signers were received
1824
var ErrTooManyInvalidSigners = errors.New("too many invalid signers")
19-
20-
// ErrValidSignatureFromInvalidSigner signals that a valid signature was received on invalid signers message
21-
var ErrValidSignatureFromInvalidSigner = errors.New("valid signature from invalid sender")

consensus/spos/bls/v2/export_test.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -302,8 +302,8 @@ func (sr *subroundEndRound) ReceivedInvalidSignersInfo(cnsDta *consensus.Message
302302
}
303303

304304
// VerifyInvalidSigners calls the unexported verifyInvalidSigners function
305-
func (sr *subroundEndRound) VerifyInvalidSigners(invalidSigners []byte) ([]string, error) {
306-
return sr.verifyInvalidSigners(invalidSigners)
305+
func (sr *subroundEndRound) VerifyInvalidSigners(headerHash []byte, invalidSigners []byte) ([]string, error) {
306+
return sr.verifyInvalidSigners(headerHash, invalidSigners)
307307
}
308308

309309
// GetMinConsensusGroupIndexOfManagedKeys calls the unexported getMinConsensusGroupIndexOfManagedKeys function

consensus/spos/bls/v2/subroundEndRound.go

Lines changed: 30 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -156,9 +156,15 @@ func (sr *subroundEndRound) receivedInvalidSignersInfo(_ context.Context, cnsDta
156156
return false
157157
}
158158

159-
invalidSignersPubKeys, err := sr.verifyInvalidSigners(cnsDta.InvalidSigners)
159+
invalidSignersPubKeys, err := sr.verifyInvalidSigners(cnsDta.BlockHeaderHash, cnsDta.InvalidSigners)
160160
if err != nil {
161161
log.Trace("receivedInvalidSignersInfo.verifyInvalidSigners", "error", err.Error())
162+
163+
if errors.Is(err, ErrValidSignatureFromInvalidSigner) {
164+
originatorPeer := core.PeerID(cnsDta.OriginatorPid)
165+
sr.applyBlacklistOnNode(originatorPeer)
166+
}
167+
162168
return false
163169
}
164170

@@ -175,7 +181,10 @@ func (sr *subroundEndRound) receivedInvalidSignersInfo(_ context.Context, cnsDta
175181
return true
176182
}
177183

178-
func (sr *subroundEndRound) verifyInvalidSigners(invalidSigners []byte) ([]string, error) {
184+
func (sr *subroundEndRound) verifyInvalidSigners(
185+
headerHash []byte,
186+
invalidSigners []byte,
187+
) ([]string, error) {
179188
messages, err := sr.MessageSigningHandler().Deserialize(invalidSigners)
180189
if err != nil {
181190
return nil, err
@@ -187,7 +196,7 @@ func (sr *subroundEndRound) verifyInvalidSigners(invalidSigners []byte) ([]strin
187196

188197
pubKeys := make([]string, 0, len(messages))
189198
for _, msg := range messages {
190-
pubKey, errVerify := sr.verifyInvalidSigner(msg)
199+
pubKey, errVerify := sr.verifyInvalidSigner(headerHash, msg)
191200
if errVerify != nil {
192201
return nil, errVerify
193202
}
@@ -200,18 +209,30 @@ func (sr *subroundEndRound) verifyInvalidSigners(invalidSigners []byte) ([]strin
200209
return pubKeys, nil
201210
}
202211

203-
func (sr *subroundEndRound) verifyInvalidSigner(msg p2p.MessageP2P) (string, error) {
204-
err := sr.MessageSigningHandler().Verify(msg)
212+
func (sr *subroundEndRound) verifyInvalidSigner(
213+
headerHash []byte,
214+
msg p2p.MessageP2P,
215+
) (string, error) {
216+
cnsMsg := &consensus.Message{}
217+
err := sr.Marshalizer().Unmarshal(cnsMsg, msg.Data())
205218
if err != nil {
206219
return "", err
207220
}
208221

209-
cnsMsg := &consensus.Message{}
210-
err = sr.Marshalizer().Unmarshal(cnsMsg, msg.Data())
222+
msgType := consensus.MessageType(cnsMsg.MsgType)
223+
if !sr.MessagesHandler().IsMessageWithSignature(msgType) {
224+
return "", spos.ErrInvalidMessageType
225+
}
226+
227+
err = sr.MessageSigningHandler().Verify(msg)
211228
if err != nil {
212229
return "", err
213230
}
214231

232+
if !bytes.Equal(headerHash, cnsMsg.BlockHeaderHash) {
233+
return "", ErrHeaderHashMismatch
234+
}
235+
215236
err = sr.SigningHandler().VerifySingleSignature(cnsMsg.PubKey, cnsMsg.BlockHeaderHash, cnsMsg.SignatureShare)
216237
if err != nil {
217238
log.Debug("verifyInvalidSigner: confirmed that node provided invalid signature",
@@ -575,9 +596,10 @@ func (sr *subroundEndRound) clearJobDoneForUnVerifiedSignatures(pubKeys []string
575596

576597
func (sr *subroundEndRound) getFullMessagesForInvalidSigners(invalidPubKeys []string) ([]byte, error) {
577598
p2pMessages := make([]p2p.MessageP2P, 0)
599+
headerHash := sr.GetData()
578600

579601
for _, pk := range invalidPubKeys {
580-
p2pMsg, ok := sr.GetMessageWithSignature(pk)
602+
p2pMsg, ok := sr.GetMessageWithSignature(spos.SignatureMessageKey(headerHash, pk))
581603
if !ok {
582604
log.Trace("message not found in state for invalid signer", "pubkey", pk)
583605
continue

0 commit comments

Comments
 (0)