Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

R4R: Fully verify the signature in gaiacli tx sign #2995

Merged
merged 14 commits into from
Dec 6, 2018
Merged

R4R: Fully verify the signature in gaiacli tx sign #2995

merged 14 commits into from
Dec 6, 2018

Conversation

alexanderbez
Copy link
Contributor

@alexanderbez alexanderbez commented Dec 4, 2018
edited
Loading

Fully verify the signature during gaiacli tx sign --validate-signatures

closes: #2991

  • Targeted PR against correct branch (see CONTRIBUTING.md)

  • Linked to github-issue with discussion and accepted design OR link to spec that describes this work.

  • Wrote tests

  • Updated relevant documentation (docs/)

  • Added entries in PENDING.md with issue #

  • rereviewed Files changed in the github PR explorer

For Admin Use:

  • Added appropriate labels to PR (ex. wip, ready-for-review, docs)
  • Reviewers Assigned
  • Squashed all commits, uses message "Merge pull request #XYZ: [title]" (coding standards)

@codecov
Copy link

codecov bot commented Dec 4, 2018
edited
Loading

Codecov Report

Merging #2995 into develop will decrease coverage by 0.02%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           develop   #2995      +/-   ##
==========================================
- Coverage    55.53%   55.5%   -0.03%     
==========================================
  Files          120     120              
  Lines         8494    8494              
==========================================
- Hits          4717    4715       -2     
- Misses        3455    3457       +2     
  Partials       322     322

@alexanderbez alexanderbez changed the title WIP: Fully verify the signature in gaiacli tx sign R4R: Fully verify the signature in gaiacli tx sign Dec 4, 2018
jackzampolin
jackzampolin approved these changes Dec 4, 2018
View reviewed changes
Copy link
Member

@jackzampolin jackzampolin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pulled locally and working well for me! Also glad we added the logic to actually verify when we say we are. Good PR @alexanderbez

rigelrozanski
rigelrozanski suggested changes Dec 4, 2018
View reviewed changes
Copy link
Contributor

@rigelrozanski rigelrozanski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's write a test

x/auth/client/cli/sign.go
signers := stdTx.GetSigners()
for i, signer := range signers {
fmt.Printf(" %v: %v\n", i, signer.String())
}

success := true
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

probably a better way which we can avoid creating/using this variable altogether (for another PR though)

Copy link
Contributor Author

@alexanderbez alexanderbez Dec 5, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@rigelrozanski I'm happy to do that in this PR since it's really in context. Do you have suggestions on how to?

We prefer to loop over all the sigs and not short-circuit. In other words, we cannot simply return an error or bool at first sight of a problem. Any suggestions on how to do this without keeping track via a variable?

Copy link
Contributor

@rigelrozanski rigelrozanski Dec 5, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nope, if the point is to complete the loop before returning an error, then a variable must be used. What's the thinking behind completing the loop before returning?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The idea is that txs can have many signers/signatures. The UX we want to provide should show you all the signatures and either an OK or the ERROR. If we short-circuit, the user doesn't get the full picture.

I'd propose the function is ok.

x/auth/client/cli/sign.go Outdated Show resolved Hide resolved
alessio
alessio suggested changes Dec 5, 2018
View reviewed changes
x/auth/client/cli/sign.go Outdated Show resolved Hide resolved
@alexanderbez
Copy link
Contributor Author

@rigelrozanski @alessio updated.

alessio
alessio suggested changes Dec 5, 2018
View reviewed changes
x/auth/client/cli/sign.go Outdated Show resolved Hide resolved
x/auth/client/cli/sign.go Outdated Show resolved Hide resolved
@alessio @alexanderbez
Update x/auth/client/cli/sign.go
21cdebc 
Co-Authored-By: alexanderbez <alexanderbez@users.noreply.github.com>
alessio
alessio approved these changes Dec 5, 2018
View reviewed changes
Copy link
Contributor

@alessio alessio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

uACK

@rigelrozanski rigelrozanski merged commit 5b42e83 into develop Dec 6, 2018
@rigelrozanski rigelrozanski deleted the bez/2991-tx-sign-sig-validate branch December 6, 2018 07:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alessio alessio alessio approved these changes

@jackzampolin jackzampolin jackzampolin approved these changes

@rigelrozanski rigelrozanski rigelrozanski approved these changes

@cwgoes cwgoes Awaiting requested review from cwgoes

@ebuchman ebuchman Awaiting requested review from ebuchman

Assignees
No one assigned
Labels
C:CLI
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

"gaia tx sign adrian.json --validate-signatures" always returns OK
4 participants
@alexanderbez @alessio @jackzampolin @rigelrozanski