tendermint - npm Package Compare versions

Comparing version 3.2.1 to 3.3.0

lib/verify.js

@@ -6,6 +6,8 @@ 'use strict';
 // TODO: try to load native ed25519 implementation, fall back to supercop.js
+var secp256k1 = require('secp256k1');
 
 var _require = require('./hash.js'),
     getBlockHash = _require.getBlockHash,
-    getValidatorSetHash = _require.getValidatorSetHash;
+    getValidatorSetHash = _require.getValidatorSetHash,
+    sha256 = _require.sha256;
 
@@ -156,2 +158,3 @@ var _require2 = require('./pubkey.js'),
       validatorsByAddress[validator.address] = validator;
+      validator.voting_power = safeParseInt(validator.voting_power);
     }
@@ -195,5 +198,18 @@ } catch (err) {
       var pubKey = Buffer.from(_validator.pub_key.value, 'base64');
+      var pubKeyType = _validator.pub_key.type;
 
-      // TODO: support secp256k1 sigs
-      if (!ed25519.verify(signature, signBytes, pubKey)) {
+      var validSignature = void 0;
+      switch (pubKeyType) {
+        case 'tendermint/PubKeyEd25519':
+          validSignature = ed25519.verify(signature, signBytes, pubKey);
+          break;
+
+        case 'tendermint/PubKeySecp256k1':
+          validSignature = secp256k1.verify(sha256(signBytes), signature, pubKey);
+          break;
+
+        default:
+          throw Error('Unknown pubkey type "' + _validator.pub_key.type + '"');
+      }
+      if (validSignature !== true) {
         throw Error('Invalid precommit signature');
@@ -256,5 +272,5 @@ }
 
-      validator.voting_power = safeParseInt(validator.voting_power);
-      verifyPositiveInt(validator.voting_power);
-      if (validator.voting_power === 0) {
+      var votingPower = safeParseInt(validator.voting_power);
+      verifyPositiveInt(votingPower);
+      if (votingPower === 0) {
         throw Error('Validator voting power must be > 0');
@@ -261,0 +277,0 @@ }

package.json

 {
   "name": "tendermint",
-  "version": "3.2.1",
+  "version": "3.3.0",
   "description": "A light client which talks to your Tendermint node over RPC",
@@ -23,2 +23,3 @@ "main": "index.js",
     "pumpify": "^1.3.5",
+    "secp256k1": "^3.5.2",
     "supercop.js": "^2.0.1",
@@ -25,0 +26,0 @@ "varstruct": "^6.1.1",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

43291

increased by1.33%

Lines of code

990

increased by1.43%

Worsened metrics

Dependency count

12

increased by9.09%

Dependency changes

• + Addedsecp256k1@^3.5.2

• + Addedbindings@1.5.0(transitive)

• + Addedbip66@1.1.5(transitive)

• + Addedbn.js@4.12.0(transitive)

• + Addedbrorand@1.1.0(transitive)

• + Addedbrowserify-aes@1.2.0(transitive)

• + Addedbuffer-xor@1.0.3(transitive)

• + Addedcreate-hmac@1.1.7(transitive)

• + Addeddrbg.js@1.0.1(transitive)

• + Addedelliptic@6.6.0(transitive)

• + Addedevp_bytestokey@1.0.3(transitive)

• + Addedfile-uri-to-path@1.0.0(transitive)

• + Addedhash.js@1.1.7(transitive)

• + Addedhmac-drbg@1.0.1(transitive)

• + Addedminimalistic-assert@1.0.1(transitive)

• + Addedminimalistic-crypto-utils@1.0.1(transitive)

• + Addednan@2.22.0(transitive)

• + Addedsecp256k1@3.8.1(transitive)