update for container signature verify

nmregister/register.go

@@ -36,6 +36,11 @@ type NMRegister struct {
 	rw       sync.RWMutex
 	public   ecdsa.PublicKey
 	quit     chan struct{}
+	status   string
+}
+
+func (s *NMRegister) SetStatus(status string) {
+	s.status = status
 }
 
 func (s *NMRegister) ServiceType() common.ServiceType {
@@ -43,7 +48,7 @@ func (s *NMRegister) ServiceType() common.ServiceType {
 }
 
 func (s *NMRegister) Status() string {
-	return "running"
+	return s.status
 }
 
 func (s *NMRegister) DetailInfo() (json.RawMessage, error) {

server/node.go

@@ -98,17 +98,6 @@ func (n *Node) Sign(hash []byte) ([]byte, error) {
 	return crypto.Sign(hash, n.privk)
 }
 
-func (n *Node) Start() error {
-	go n.registry.Start()
-	go n.register.Start()
-	go n.postLoop()
-
-	if err := n.apiStart(); err != nil {
-		return err
-	}
-	return nil
-}
-
 func (n *Node) apiStart() error {
 	lis, err := net.Listen("tcp", config.GetConfig().ApiEndpoint())
 	if err != nil {
@@ -171,10 +160,27 @@ func (n *Node) postLoop() {
 	}
 }
 
+func (n *Node) Start() error {
+	go n.registry.Start()
+	go n.register.Start()
+	go n.postLoop()
+
+	if err := n.apiStart(); err != nil {
+		return err
+	}
+	n.SetStatus("running")
+	return nil
+}
+
 func (n *Node) Stop() {
+	n.registry.Clear()
 	n.registry.Stop()
 	n.register.Stop()
 	n.apiServer.Stop()
 	close(n.taskResultCh)
 	close(n.taskProofCh)
 }
+
+func (n *Node) SetStatus(status string) {
+	n.register.SetStatus(status)
+}

server/taskresult.go

@@ -66,24 +66,34 @@ func (wm *WorkerManager) computeTaskResult(worker *Worker, task *odysseus.TaskCo
 		}
 		go wm.doCallback(task.TaskCallback, taskResponse)
 	}
+	paramHash := crypto.Keccak256Hash(task.TaskParam)
+	resultHash := crypto.Keccak256Hash(result.TaskResultBody)
+	{
+		// verify container_signature and miner_signature
+		// container_signature = sign(hash(task_id+hash(task_param)+hash(task_result)))
+		dataHash := crypto.Keccak256Hash(utils.CombineBytes([]byte(result.TaskId), paramHash[:], resultHash[:]))
+		signature := result.ContainerSignature
+		if len(signature) == 65 {
+			signature = signature[:64]
+		}
+		pubkey := utils.FromHex(string(task.ContainerPubkey))
+		if len(pubkey) > 65 {
+			pubkey = pubkey[:65]
+		}
 
-	//{
-	//	// verify container_signature and miner_signature
-	//	// container_signature = sign(hash(task_id+hash(task_param)+hash(task_result)))
-	//	paramHash := crypto.Keccak256Hash(task.TaskParam)
-	//	resultHash := crypto.Keccak256Hash(result.TaskResult)
-	//	dataHash := crypto.Keccak256Hash(utils.CombineBytes([]byte(result.TaskUuid), paramHash[:], resultHash[:]))
-	//	containerPubkey, _ := utils.HexToPubkey(hex.EncodeToString(task.ContainerPubkey))
-	//	verified := ecdsa.VerifyASN1(containerPubkey, dataHash[:], result.ContainerSignature)
-	//	if !verified {
-	//		// todo: handle signature verify failed
-	//	}
-	//}
+		verified := crypto.VerifySignature(pubkey, dataHash[:], signature)
+		log.WithFields(log.Fields{
+			"containerSignatureVerify": verified,
+			"taskkind":                 task.TaskKind,
+			"containerPubkey":          string(task.ContainerPubkey),
+		}).Debug("container signature verify")
+		if !verified {
+			// todo: handle signature verify failed
+		}
+	}
 	{
 		// verify miner_signature
 		// miner_signature = sign(hash((task_id+hash(task_param)+hash(task_result)))
-		paramHash := crypto.Keccak256Hash(task.TaskParam)
-		resultHash := crypto.Keccak256Hash(result.TaskResultBody)
 		dataHash := crypto.Keccak256Hash(utils.CombineBytes([]byte(result.TaskId), paramHash[:], resultHash[:]))
 		signature := result.MinerSignature
 		if len(signature) == 65 {
@@ -104,8 +114,6 @@ func (wm *WorkerManager) computeTaskResult(worker *Worker, task *odysseus.TaskCo
 
 	//manager_signature = sign(hash((task_id+hash(task_param)+hash(task_result)+container_signature+miner_signature+workload+time))
 	now := time.Now().Unix()
-	paramHash := crypto.Keccak256Hash(task.TaskParam)
-	resultHash := crypto.Keccak256Hash(result.TaskResultBody)
 	dataHash := crypto.Keccak256Hash(utils.CombineBytes([]byte(result.TaskId), paramHash[:], resultHash[:],
 		worker.ProfitAccount().Bytes(), worker.WorkerAccount().Bytes(), result.ContainerSignature, result.MinerSignature, big.NewInt(int64(task.TaskWorkload)).Bytes()),
 		big.NewInt(now).Bytes())
@@ -163,23 +171,34 @@ func (wm *WorkerManager) standardTaskResult(worker *Worker, task *odysseus.TaskC
 		return nil, errors.New("stdlib to verify failed")
 	}
 
-	//{
-	//	// verify container_signature and miner_signature
-	//	// container_signature = sign(hash(task_id+hash(task_param)+hash(task_result)))
-	//	paramHash := crypto.Keccak256Hash(task.TaskParam)
-	//	resultHash := crypto.Keccak256Hash(result.TaskResult)
-	//	dataHash := crypto.Keccak256Hash(utils.CombineBytes([]byte(result.TaskUuid), paramHash[:], resultHash[:]))
-	//	containerPubkey, _ := utils.HexToPubkey(hex.EncodeToString(task.ContainerPubkey))
-	//	verified := ecdsa.VerifyASN1(containerPubkey, dataHash[:], result.ContainerSignature)
-	//	if !verified {
-	//		// todo: handle signature verify failed
-	//	}
-	//}
+	paramHash := crypto.Keccak256Hash(task.TaskParam)
+	resultHash := crypto.Keccak256Hash(result.TaskResultBody)
+	{
+		// verify container_signature and miner_signature
+		// container_signature = sign(hash(task_id+hash(task_param)+hash(task_result)))
+		dataHash := crypto.Keccak256Hash(utils.CombineBytes([]byte(result.TaskId), paramHash[:], resultHash[:]))
+		signature := result.ContainerSignature
+		if len(signature) == 65 {
+			signature = signature[:64]
+		}
+		pubkey := utils.FromHex(string(task.ContainerPubkey))
+		if len(pubkey) > 65 {
+			pubkey = pubkey[:65]
+		}
+
+		verified := crypto.VerifySignature(pubkey, dataHash[:], signature)
+		log.WithFields(log.Fields{
+			"containerSignatureVerify": verified,
+			"taskkind":                 task.TaskKind,
+			"containerPubkey":          string(task.ContainerPubkey),
+		}).Debug("container signature verify")
+		if !verified {
+			// todo: handle signature verify failed
+		}
+	}
 	{
 		// verify miner_signature
 		// miner_signature = sign(hash((task_id+hash(task_param)+hash(task_result)))
-		paramHash := crypto.Keccak256Hash(task.TaskParam)
-		resultHash := crypto.Keccak256Hash(result.TaskResultBody)
 		dataHash := crypto.Keccak256Hash(utils.CombineBytes([]byte(result.TaskId), paramHash[:], resultHash[:]))
 		signature := result.MinerSignature
 		if len(signature) == 65 {
@@ -200,8 +219,6 @@ func (wm *WorkerManager) standardTaskResult(worker *Worker, task *odysseus.TaskC
 
 	now := time.Now().Unix()
 	//manager_signature = sign(hash((task_id+hash(task_param)+hash(task_result)+container_signature+miner_signature+workload+time))
-	paramHash := crypto.Keccak256Hash(task.TaskParam)
-	resultHash := crypto.Keccak256Hash(result.TaskResultBody)
 	dataHash := crypto.Keccak256Hash(utils.CombineBytes([]byte(result.TaskId), paramHash[:], resultHash[:],
 		worker.ProfitAccount().Bytes(), worker.WorkerAccount().Bytes(), result.ContainerSignature, result.MinerSignature, big.NewInt(int64(task.TaskWorkload)).Bytes()),
 		big.NewInt(now).Bytes())

utils/crypto.go

@@ -36,5 +36,8 @@ func HexToPubkey(key string) (*ecdsa.PublicKey, error) {
 	if err != nil {
 		return nil, err
 	}
+	if len(pub) > 65 {
+		pub = pub[:65]
+	}
 	return crypto.UnmarshalPubkey(pub)
 }