Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stratum v2 handshake fails cert validation #38

Open
1 task done
jakubtrnka opened this issue Mar 8, 2024 · 3 comments
Open
1 task done

Stratum v2 handshake fails cert validation #38

jakubtrnka opened this issue Mar 8, 2024 · 3 comments
Labels
bug

Comments

@jakubtrnka
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Current behaviour

Noise handshake fails if NOISE_SIGNATURE_MESSAGE validation is enforced.

Expected behaviour

The signature should be validated successfully

Steps to reproduce

  1. Run ./bitcoind -regtest -sv2 -debug=sv2 -loglevel=sv2:trace
  2. copy authority key 2024-03-08T15:27:58Z Template Provider authority key: 9bNYLvwTgfh9Ez9REW9giPcXgKi3HTijS5bSJvgF47gRdQmsveT
  3. Attach a client stratum-v2 application. Enforce signature validation with respect to authority 9bNYLvwTgfh9Ez9REW9giPcXgKi3HTijS5bSJvgF47gRdQmsveT

Relevant log output

my logs

2024-03-08T15:45:18.095056Z TRACE initiator:init-step0: ii_noise_core::cryptography::noise_nx_secp256k1_chachapoly_sha256: ephemeral key [64 bytes] total_bytes_sent=64
2024-03-08T15:45:18.095119Z TRACE initiator: ii_stratum2_noise::stratum_handshake::initiator: -> e [64 bytes]
2024-03-08T15:45:18.246834Z TRACE initiator:init-step1: ii_noise_core::cryptography::noise_nx_secp256k1_chachapoly_sha256: bytes_read=234
2024-03-08T15:45:18.246969Z TRACE initiator:init-step1: ii_noise_core::cryptography::noise_nx_secp256k1_chachapoly_sha256: remote ephemeral key [64 bytes], remote static key [80 bytes], encrypted payload [90 bytes] total_bytes_received=234
2024-03-08T15:45:18.250441Z TRACE initiator: ii_stratum2_noise::stratum_handshake::initiator: <- e, ee, s, es [payload: 74 bytes]
2024-03-08T15:45:18.250562Z TRACE initiator: ii_stratum2_noise::stratum_handshake: Time and signature validation of server certificate version=0 valid_from=1709908078 not_valid_after=4294967295 server_static_key=9buWsBdB1WEsGTn95Q2qM8A4RHvE3RbnuFWhQk7u3JWkNyiKzr7 signature=6zqN4Z9hNx35e2NEeVMQGK7V1GgBPNRSjdvucBkSjR4M5V7tB8aE4sEgct5sixCkHUDp4YYYM3CNWLxeVXj8hiy authority=9bNYLvwTgfh9Ez9REW9giPcXgKi3HTijS5bSJvgF47gRdQmsveT
Error: Initialization failure Signature is invalid

Caused by:
    0: Signature is invalid
    1: Signature is invalid

logs on TP on start

2024-03-08T15:27:58Z [sv2] Reading cached static key from /home/kuba/.bitcoin/regtest/sv2_static_key
2024-03-08T15:27:58Z msghand thread start
2024-03-08T15:27:58Z [sv2:info] Static key: 02a7e5a29bf028e6c8191f88b508edce7734282dd8bafeeb2b26bb92ebdd8c0027
2024-03-08T15:27:58Z dnsseed thread start
2024-03-08T15:27:58Z Loading addresses from DNS seed dummySeed.invalid.
2024-03-08T15:27:58Z Template Provider authority key: 9bNYLvwTgfh9Ez9REW9giPcXgKi3HTijS5bSJvgF47gRdQmsveT
2024-03-08T15:27:58Z [sv2:trace] Authority key: 6190cafb7c16ffd34900472108ab76d2289f08cc32e87ed7e4e1e02f248ca769
2024-03-08T15:27:58Z [sv2:trace] Certificate hashed data: 00006e20eb65ffffffff
2024-03-08T15:27:58Z init message: Done loading
2024-03-08T15:27:58Z sv2 thread start
2024-03-08T15:27:58Z Leaving InitialBlockDownload (latching to false)
2024-03-08T15:27:58Z [sv2:info] Template Provider listening on port: 18447

How did you obtain Bitcoin Core

Compiled from source

What version of Bitcoin Core are you using?

2024/02/sv2-poll-ellswift@8b42c0f7d5

Operating system and version

arch linux

Machine specifications

No response
@jakubtrnka jakubtrnka added the bug label Mar 8, 2024
@Sjors Sjors changed the title Stratum v2 handshake Stratum v2 handshake fails cert validation Mar 8, 2024
@Sjors
Copy link
Owner

Sjors commented Mar 8, 2024
edited
Loading

Can you try this again with the sv2 branch (bitcoin#29432). They're probably the same, apart from rebases b171a79.

Did you check that your server_static_key=9buWsBdB1WEsGTn95Q2qM8A4RHvE3RbnuFWhQk7u3JWkNyiKzr7 (base58) matches the hex encoded static key 02a7e5a29bf028e6c8191f88b508edce7734282dd8bafeeb2b26bb92ebdd8c0027 printed by the template provider?

I'm assuming the valid_from and not_valid_after fields were not the issue?

One next step for debugging would to be log and compare "Certificate hashed data" with 00006e20eb65ffffffff.

Were you able to connect to an SRI role? Last time I tested I was able to connect from various SRI roles to the Template Provider, including certificate verification.

@Sjors
Copy link
Owner

Sjors commented Mar 8, 2024

I just looked up the commit hash you used: 8b42c0f

It's from before we fixed the certificate checking in SRI stratum-mining/stratum#752

This branch contains a workaround for this bug: f00ef11

That's why the "Certificate hashed data" data is so short: it doesn't include the static key.

Hopefully switching to my sv2 branch will magically fix things for you.

@Sjors
Copy link
Owner

Sjors commented Jul 19, 2024

Are you still seeing this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Sjors @jakubtrnka