fix(crypto): bls compilation #22717

Merged
merged 2 commits into from
Dec 2, 2024

tac0turtle (Member) commented Dec 2, 2024

Description

This PR fixes BLS compilation, not sure how it was missed in the last PR.

This also adds a build for BLS and secp to make sure we avoid this in the future.


Summary by CodeRabbit

  • New Features

    • Introduced new build steps for the amd64 architecture, enhancing the build process with specific configurations.
  • Bug Fixes

    • Simplified signing process by removing conditional SHA256 hashing in the Sign and VerifySignature methods.
  • Chores

    • Updated build configuration by removing support for cleveldb and badgerdb, streamlining the build process.

coderabbitai bot (Contributor) commented Dec 2, 2024

Walkthrough

The changes in this pull request involve enhancements to the build process and modifications to cryptographic functions within the SimApp project. Specifically, new build steps for the amd64 architecture have been added to the CI workflow, allowing for different build configurations. Additionally, the Sign and VerifySignature methods in the key_cgo.go file have been simplified by removing conditional SHA256 hashing based on message length. Lastly, the build configuration in build.mk has been adjusted to remove support for certain database backends.

Changes

File Path | Change Summary
.github/workflows/build.yml | Added new steps for amd64 architecture: "Build with BLS12381" and "Build with Secp_cgo".
crypto/keys/bls12_381/key_cgo.go | Removed SHA256 hashing in Sign and VerifySignature methods; removed import for crypto/sha256.
scripts/build/build.mk | Removed conditional checks for cleveldb and badgerdb from build tags, simplifying the build process.

Suggested labels

C:Cosmovisor

Suggested reviewers

  • sontrinh16
  • julienrbrt

📜 Recent review details

Configuration used: .coderabbit.yml
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between f350775 and 4520dd9.

📒 Files selected for processing (3)
  • .github/workflows/build.yml (1 hunks)
  • crypto/keys/bls12_381/key_cgo.go (1 hunks)
  • scripts/build/build.mk (0 hunks)
💤 Files with no reviewable changes (1)
  • scripts/build/build.mk
🧰 Additional context used
📓 Path-based instructions (1)
crypto/keys/bls12_381/key_cgo.go (1)

Pattern **/*.go: Review the Golang code for conformity with the Uber Golang style guide, highlighting any deviations.

🔇 Additional comments (5)
.github/workflows/build.yml (1)

58-63: LGTM! Build steps properly configured for cryptographic modules.

The new build steps for BLS12381 and Secp_cgo are correctly configured:

  • Architecture check is properly implemented
  • Build options are correctly passed
  • Follows existing pattern for conditional builds

Let's verify the build options are properly recognized:

✅ Verification successful

Build options for BLS12381 and Secp are properly configured and recognized

The build system correctly handles both cryptographic options:

  • bls12381 option sets CGO_ENABLED=1 and adds bls12381 build tag
  • secp option adds libsecp256k1_sdk build tag
  • Both are properly integrated into the build flags compilation process
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify that the build system recognizes the new build options

# Check if build options are defined in build configuration
rg -l "bls12381|secp" scripts/build/

Length of output: 61


Script:

#!/bin/bash
# Check the content of build.mk to verify how these options are handled
cat scripts/build/build.mk

Length of output: 4430

crypto/keys/bls12_381/key_cgo.go (4)

Line range hint 1-1: Build constraints properly restrict supported platforms.

The build tag ensures the code only compiles on supported platforms and architectures, which is crucial for cryptographic implementations.


12-12: Import reorganization looks good.

The removal of sha256 import and repositioning of tmhash import aligns with the changes in signing logic.


Line range hint 143-159: Verify signature verification changes.

The signature verification logic remains robust with proper error handling, but we should verify that the removal of message length handling is consistent with the signing changes.

Let's check for consistency in message handling:

✅ Verification successful

BLS signature verification is consistent with signing implementation

The verification implementation in crypto/keys/bls12_381/key_cgo.go is correct and consistent with the signing changes. The code:

  1. Properly validates signature length
  2. Verifies the public key is valid before verification
  3. Delegates to the underlying BLS implementation for verification without any message length preprocessing
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify consistent message handling across the codebase

# Search for BLS signature verification implementations
ast-grep --pattern 'func $x($y) bool {
  $$$
  VerifySignature($$$)
  $$$
}'

Length of output: 78


Script:

#!/bin/bash
# Let's try a different approach to find signature verification implementations

# Search for files containing VerifySignature
rg -l "VerifySignature"

# Then look for actual implementations with context
rg "VerifySignature" -A 5 -B 5

# Also search for message handling in BLS-related files
rg "msg" crypto/keys/bls12_381/

Length of output: 46484


Line range hint 76-85: Verify security implications of direct message signing.

The removal of message length check and SHA256 hashing for large messages represents a significant change in the signing behavior. Please verify:

  1. That this aligns with the BLS signature scheme specification
  2. That there are no security implications from signing large raw messages
  3. That all dependent systems are aware of this change

Let's check for any existing length-dependent message handling:

✅ Verification successful

Let me gather more information about the BLS signing implementation and its dependencies.


Let me check the underlying BLS library implementation to understand the message handling behavior.


Let me check for any test files or documentation that might reveal the intended behavior of BLS signing.


Let me check the BLS library implementation and any related test files to understand the message handling behavior.


Based on the gathered information, I can now provide a final response about the security implications of the change.

Verify that BLS signature implementation aligns with standards and security best practices

The removal of message length check and SHA256 hashing for large messages appears to be a deliberate change to align with the underlying BLS library's native message handling. The evidence shows:

  1. The implementation relies on the CometBFT's BLS12-381 library which handles message signing directly
  2. The library enforces strict size checks on keys and signatures (PrivKeySize, PubKeySize, SignatureLength) but not on message size
  3. BLS signature schemes generally support arbitrary message lengths without requiring pre-hashing

This change:

  • Removes an unnecessary layer of message preprocessing
  • Allows direct signing of messages as per BLS signature specification
  • Maintains security through the underlying cryptographic library's implementation
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Look for other message length checks in crypto implementations

# Search for message length checks in crypto code
rg -A 3 "len\(msg\)" crypto/

Length of output: 976


Script:

#!/bin/bash
# Check BLS signature implementation details and dependencies

# Look for BLS signature related code and message handling
rg -A 5 "Sign.*msg.*byte" crypto/keys/bls12_381/

# Check for MaxMsgLen constant and its usage
rg "MaxMsgLen" crypto/

# Look for any SHA256 hashing in BLS signing context
rg -A 3 "SHA256|Hash" crypto/keys/bls12_381/

# Check for any test files that might reveal the expected behavior
fd ".*test.*" crypto/keys/bls12_381/

Length of output: 2555


Script:

#!/bin/bash
# Check the underlying BLS library implementation

# Look for the bls12381 package imports
rg "bls12381" crypto/keys/bls12_381/ -A 3

# Check for any documentation or implementation details in the BLS library
fd "bls12381" . --type f --exec cat {}

# Look for any aggregated signature functionality that might affect message handling
rg -A 3 "Aggregate|BatchVerify" .

Length of output: 69068


Script:

#!/bin/bash
# Look for test files and documentation

# Search for test files containing BLS signature tests
fd -e go ".*test.*" . --exec rg -l "Sign.*msg" {}

# Look for any documentation about message handling in BLS signatures
rg -A 3 "BLS|sign.*message" . --type md

# Check for any constants related to message length or hashing
rg "MaxMsgLen|SHA256|Hash" crypto/keys/bls12_381/

Length of output: 31373


Script:

#!/bin/bash
# Check BLS library implementation and tests

# Look for the BLS library import path
rg "github.com/cometbft/cometbft/crypto/bls12381" -A 5

# Check for any test files that might show message handling
fd -e go ".*test.*" . --exec rg -l "bls12381" {}

# Look for any message length or hash related constants
rg "SignatureLength|PrivKeySize|PubKeySize" crypto/keys/bls12_381/

Length of output: 3023


github-actions bot (Contributor) commented Dec 2, 2024

@tac0turtle your pull request is missing a changelog!

@julienrbrt julienrbrt added the backport/v0.52.x PR scheduled for inclusion in the v0.52's next stable release label Dec 2, 2024
coderabbitai bot (Contributor) left a comment

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (1)
crypto/keys/bls12_381/key_cgo.go (1)

Line range hint 142-157: Consider adding performance metrics for signature verification.

The direct verification of signatures without pre-hashing large messages might impact performance. Consider adding metrics to monitor the verification time for different message sizes.

Would you like me to help implement performance metrics for signature operations?

🔇 Additional comments (3)
.github/workflows/build.yml (1)

58-63: LGTM! Build steps for cryptographic modules look good.

The addition of BLS12381 and Secp_cgo build steps is well-structured and properly conditioned for amd64 architecture. This aligns with the PR's objective of fixing BLS compilation issues.

Let's verify the build options are consistently defined:

✅ Verification successful

Build options for BLS12381 and Secp are properly configured in the build system

The build options in the workflow file are correctly defined and match the build system configuration. In scripts/build/build.mk:

  • bls12381 option adds the corresponding build tag and enables CGO
  • secp option adds the libsecp256k1_sdk build tag
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify build options in makefile
# Check if the build options (bls12381, secp) are properly defined in the build system

rg -l 'COSMOS_BUILD_OPTIONS.*bls12381|COSMOS_BUILD_OPTIONS.*secp' 'Makefile*' 'scripts/build/*'

Length of output: 203


Script:

#!/bin/bash
# Let's first find the Makefile and build scripts in the repository
fd -t f "Makefile|\.mk$" 

# Then search for build scripts
fd -t f . "scripts/"

Length of output: 1315


Script:

#!/bin/bash
# Check build.mk for build options configuration
cat scripts/build/build.mk

# Check main Makefile for build options
cat Makefile

# Search for any BLS or secp related build configurations
rg -i "bls|secp.*build" scripts/build/ Makefile

Length of output: 5210

crypto/keys/bls12_381/key_cgo.go (2)

12-12: LGTM! Import change looks good.

The switch from crypto/sha256 to tmhash is appropriate as it aligns with the CometBFT crypto framework.


Line range hint 77-86: Verify the security implications of removing message length checks.

The removal of message length validation and pre-hashing for large messages could have security implications. Please ensure this change:

  1. Doesn't expose the system to potential DoS attacks with large messages
  2. Aligns with BLS12-381 signature scheme specifications
  3. Maintains compatibility with existing signed messages

Let's check for any security considerations in the codebase:

coderabbitai bot (Contributor) left a comment

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (1)
crypto/keys/bls12_381/key_cgo.go (1)

Line range hint 1-190: Consider adding documentation about security properties.

The removal of message hashing represents a significant change in the cryptographic properties of the signing mechanism. This should be clearly documented.

Add documentation explaining:

  • The direct signing behavior
  • Any message size limitations
  • Security considerations for protocol designers
 //go:build ((linux && amd64) || (linux && arm64) || (darwin && amd64) || (darwin && arm64) || (windows && amd64)) && bls12381
 
 package bls12_381
+
+// Package bls12_381 implements BLS signatures with direct message signing.
+// Important security considerations:
+// - Messages are signed directly without pre-hashing
+// - No internal message length limits are enforced
+// - Protocol designers should carefully consider message size implications
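
Review bot: The added comment block is placed after the `package bls12_381` clause and a blank `+` line, so Go tooling will not treat it as the package documentation; a package comment has to sit immediately above the package clause. Move the block between the blank line that follows the `//go:build` constraint and `package bls12_381`, and keep that blank line so the constraint is still recognised as a build constraint rather than folded into the doc comment. The bullet "No internal message length limits are enforced" would also read better as guidance for callers, for example that they should bound message size before calling Sign, since the visible lines show no place where a limit is applied.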

🔇 Additional comments (5)
.github/workflows/build.yml (1)

58-63: LGTM! Build steps for cryptographic modules look correct.

The new build steps for BLS12381 and Secp_cgo are properly configured:

  • Correctly restricted to amd64 architecture
  • Follows existing pattern of conditional builds
  • Build options are properly passed via environment variables

Let's verify the build options are properly recognized:

✅ Verification successful

Build options are properly integrated in the build system

The build system correctly recognizes both bls12381 and secp build options in scripts/build/build.mk:

  • secp option adds libsecp256k1_sdk build tag
  • bls12381 option enables CGO and adds bls12381 build tag
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify that the build system recognizes the new build options

# Check if the build options are defined in the build system
rg -A 3 'bls12381|secp' scripts/build/

Length of output: 616

crypto/keys/bls12_381/key_cgo.go (4)

12-12: Verify tmhash import usage after reorganization.

The tmhash import is now only used for Address() calculation. This is correct as it maintains consistent address derivation.


Line range hint 1-1: Verify build tag constraints are sufficient.

The build tag correctly restricts the implementation to supported platforms. However, we should ensure this aligns with all BLS-dependent features.

✅ Verification successful

Let me gather more information about the BLS implementation and its dependencies.


Build tag constraints are correctly implemented

The build tag implementation is well-structured and sufficient:

  • key_cgo.go contains the actual BLS implementation with proper platform constraints ((linux && amd64) || (linux && arm64) || (darwin && amd64) || (darwin && arm64) || (windows && amd64)) && bls12381
  • key.go has a complementary constraint !bls12381 and contains stub implementations that panic when BLS is not enabled
  • No other files in the codebase have BLS-specific build constraints, which is correct as they should be platform-agnostic

This setup ensures that:

  1. BLS functionality is only available on supported platforms when explicitly enabled
  2. Compilation fails gracefully on unsupported platforms
  3. Other parts of the codebase remain platform-independent
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify build tag consistency across BLS implementation

# Check for other BLS-related files and their build tags
fd -e go | xargs rg -l 'bls12381'

# Look for potential platform-specific code
rg -B 1 'go:build.*(linux|darwin|windows).*bls'

Length of output: 421


Script:

#!/bin/bash
# Check the content of key.go and key_cgo.go to understand the implementation structure
cat crypto/keys/bls12_381/key.go
cat crypto/keys/bls12_381/key_cgo.go

# Check for any other build constraints in the codebase related to BLS
rg -p "//go:build.*bls" 

# Look for any BLS-related test files
fd -e go | xargs rg -l 'TestBLS|test.*bls'

Length of output: 9473


Line range hint 134-147: Verify signature verification changes align with signing changes.

The VerifySignature implementation has been simplified to match the new signing behavior. While this maintains consistency, we should ensure all consumers are aware of the change.


Line range hint 76-84: Critical: Verify security implications of direct message signing.

The removal of message length checks and direct signing of raw messages instead of their hashes has important security implications:

  1. Large messages could impact performance
  2. Changed security properties might affect existing protocols

Let's check for potential impacts:
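
The compatibility question raised in the reviews above (signatures over long messages produced before the change, checked by a verifier after it), as an added example that is not part of the PR, the reviews or the project's code. Ed25519 from the Go standard library stands in for BLS12-381, and `maxMsgLen` (32 here), `signLegacy`, `signDirect` and the other names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// maxMsgLen is a constructed threshold for this example (assumption, not the project's constant).
const maxMsgLen = 32

// preimage returns what the legacy scheme actually signs: the message itself,
// or its SHA-256 digest once the message is longer than maxMsgLen.
func preimage(msg []byte) []byte {
	if len(msg) > maxMsgLen {
		h := sha256.Sum256(msg)
		return h[:]
	}
	return msg
}

// Legacy behaviour: conditional pre-hash on both the signing and verifying side.
func signLegacy(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, preimage(msg))
}

func verifyLegacy(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, preimage(msg), sig)
}

// Direct behaviour: the raw message is passed to the signature primitive.
func signDirect(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, msg)
}

func verifyDirect(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

// compatResult records whether signatures cross-verify between the two behaviours.
type compatResult struct {
	Len                  int
	LegacySigUnderDirect bool // old signature, new verifier
	DirectSigUnderLegacy bool // new signature, old verifier
}

// checkCompat signs constructed messages of each length both ways and
// cross-verifies them, using a fixed seed so the run is reproducible.
func checkCompat(lengths []int) []compatResult {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))
	pub := priv.Public().(ed25519.PublicKey)
	out := make([]compatResult, 0, len(lengths))
	for _, n := range lengths {
		msg := bytes.Repeat([]byte{'a'}, n) // constructed sample message
		out = append(out, compatResult{
			Len:                  n,
			LegacySigUnderDirect: verifyDirect(pub, msg, signLegacy(priv, msg)),
			DirectSigUnderLegacy: verifyLegacy(pub, msg, signDirect(priv, msg)),
		})
	}
	return out
}

func main() {
	for _, r := range checkCompat([]int{0, 32, 33, 1024}) {
		fmt.Printf("len=%4d old-sig/new-verify=%v new-sig/old-verify=%v\n",
			r.Len, r.LegacySigUnderDirect, r.DirectSigUnderLegacy)
	}
}
```

Signatures cross-verify only up to the threshold, so any stored or in-flight signature over a longer message has to be re-signed or verified with the behaviour it was created under.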

@julienrbrt julienrbrt enabled auto-merge December 2, 2024 17:25
@julienrbrt julienrbrt added this pull request to the merge queue Dec 2, 2024
Merged via the queue into main with commit 9d9c19c Dec 2, 2024
85 of 86 checks passed
@julienrbrt julienrbrt deleted the marko/fix_bls branch December 2, 2024 17:42
mergify bot pushed a commit that referenced this pull request Dec 2, 2024
julienrbrt pushed a commit that referenced this pull request Dec 2, 2024
Labels
backport/v0.52.x PR scheduled for inclusion in the v0.52's next stable release Type: CI