Decrypted header hash for replay protection

apps/src/lib/node/ledger/shell/finalize_block.rs

@@ -213,7 +213,7 @@ where
                         .pop()
                         .expect("Missing wrapper tx in queue")
                         .tx
-                        .raw_header_hash();
+                        .decrypted_header_hash();
                     let tx_hash_key =
                         replay_protection::get_replay_protection_key(&tx_hash);
                     self.wl_storage
@@ -321,7 +321,7 @@ where
 
                         (
                             event,
-                            Some(tx_in_queue.tx.raw_header_hash()),
+                            Some(tx_in_queue.tx.decrypted_header_hash()),
                             TxGasMeter::new_from_sub_limit(tx_in_queue.gas),
                             None,
                         )
@@ -2265,11 +2265,8 @@ mod test_finalize_block {
         let wrapper_hash_key = replay_protection::get_replay_protection_key(
             &wrapper_tx.header_hash(),
         );
-        let mut decrypted_tx = wrapper_tx;
-
-        decrypted_tx.update_header(TxType::Raw);
         let decrypted_hash_key = replay_protection::get_replay_protection_key(
-            &decrypted_tx.header_hash(),
+            &wrapper_tx.decrypted_header_hash(),
         );
 
         // merkle tree root before finalize_block
@@ -2355,7 +2352,7 @@ mod test_finalize_block {
 
         // Write inner hash in storage
         let inner_hash_key = replay_protection::get_replay_protection_key(
-            &wrapper_tx.raw_header_hash(),
+            &wrapper_tx.decrypted_header_hash(),
         );
         shell
             .wl_storage
@@ -2432,7 +2429,7 @@ mod test_finalize_block {
             &wrapper.header_hash(),
         );
         let inner_hash_key = replay_protection::get_replay_protection_key(
-            &wrapper.raw_header_hash(),
+            &wrapper.decrypted_header_hash(),
         );
 
         let processed_tx = ProcessedTx {

apps/src/lib/node/ledger/shell/mod.rs

@@ -923,10 +923,9 @@ where
     pub fn replay_protection_checks(
         &self,
         wrapper: &Tx,
-        tx_bytes: &[u8],
         temp_wl_storage: &mut TempWlStorage<D, H>,
     ) -> Result<()> {
-        let inner_tx_hash = wrapper.raw_header_hash();
+        let inner_tx_hash = wrapper.decrypted_header_hash();
         let inner_hash_key =
             replay_protection::get_replay_protection_key(&inner_tx_hash);
         if temp_wl_storage
@@ -945,9 +944,7 @@ where
             .write(&inner_hash_key, vec![])
             .expect("Couldn't write inner transaction hash to write log");
 
-        let tx =
-            Tx::try_from(tx_bytes).expect("Deserialization shouldn't fail");
-        let wrapper_hash = tx.header_hash();
+        let wrapper_hash = wrapper.header_hash();
         let wrapper_hash_key =
             replay_protection::get_replay_protection_key(&wrapper_hash);
         if temp_wl_storage
@@ -1253,7 +1250,7 @@ where
                 }
 
                 // Replay protection check
-                let inner_tx_hash = tx.raw_header_hash();
+                let inner_tx_hash = tx.decrypted_header_hash();
                 let inner_hash_key =
                     replay_protection::get_replay_protection_key(
                         &inner_tx_hash,
@@ -2492,7 +2489,7 @@ mod tests {
             )
         );
 
-        let inner_tx_hash = wrapper.raw_header_hash();
+        let inner_tx_hash = wrapper.decrypted_header_hash();
         // Write inner hash in storage
         let inner_hash_key =
             replay_protection::get_replay_protection_key(&inner_tx_hash);

apps/src/lib/node/ledger/shell/prepare_proposal.rs

@@ -246,7 +246,7 @@ where
             tx_gas_meter.add_tx_size_gas(tx_bytes).map_err(|_| ())?;
 
             // Check replay protection
-            self.replay_protection_checks(&tx, tx_bytes, temp_wl_storage)
+            self.replay_protection_checks(&tx, temp_wl_storage)
                 .map_err(|_| ())?;
 
             // Check fees
@@ -1279,7 +1279,7 @@ mod test_prepare_proposal {
             [(0, keypair)].into_iter().collect(),
             None,
         )));
-        let inner_unsigned_hash = wrapper.raw_header_hash();
+        let inner_unsigned_hash = wrapper.decrypted_header_hash();
 
         // Write inner hash to storage
         let hash_key =

apps/src/lib/node/ledger/shell/process_proposal.rs

@@ -721,7 +721,8 @@ where
                 metadata.has_decrypted_txs = true;
                 match tx_queue_iter.next() {
                     Some(wrapper) => {
-                        if wrapper.tx.raw_header_hash() != tx.raw_header_hash()
+                        if wrapper.tx.decrypted_header_hash()
+                            != tx.decrypted_header_hash()
                         {
                             TxResult {
                                 code: ErrorCodes::InvalidOrder.into(),
@@ -842,11 +843,9 @@ where
                     }
                 } else {
                     // Replay protection checks
-                    if let Err(e) = self.replay_protection_checks(
-                        &tx,
-                        tx_bytes,
-                        temp_wl_storage,
-                    ) {
+                    if let Err(e) =
+                        self.replay_protection_checks(&tx, temp_wl_storage)
+                    {
                         return TxResult {
                             code: ErrorCodes::ReplayTx.into(),
                             info: e.to_string(),
@@ -2190,7 +2189,7 @@ mod test_process_proposal {
                     format!(
                         "Transaction replay attempt: Inner transaction hash \
                          {} already in storage",
-                        wrapper.raw_header_hash()
+                        wrapper.decrypted_header_hash()
                     )
                 );
             }
@@ -2226,7 +2225,7 @@ mod test_process_proposal {
         )));
 
         // Write inner hash to storage
-        let inner_unsigned_hash = wrapper.raw_header_hash();
+        let inner_unsigned_hash = wrapper.decrypted_header_hash();
         let hash_key =
             replay_protection::get_replay_protection_key(&inner_unsigned_hash);
         shell
@@ -2287,7 +2286,7 @@ mod test_process_proposal {
             [(0, keypair)].into_iter().collect(),
             None,
         )));
-        let inner_unsigned_hash = wrapper.raw_header_hash();
+        let inner_unsigned_hash = wrapper.decrypted_header_hash();
 
         new_wrapper.update_header(TxType::Wrapper(Box::new(WrapperTx::new(
             Fee {

benches/lib.rs

@@ -495,7 +495,7 @@ pub fn generate_foreign_key_tx(signer: &SecretKey) -> Tx {
         .unwrap(),
     ));
     tx.add_section(Section::Signature(Signature::new(
-        tx.raw_header_hash(),
+        tx.decrypted_header_hash(),
         [(0, signer.clone())].into_iter().collect(),
         None,
     )));

core/src/proto/types.rs

@@ -1239,10 +1239,10 @@ impl Tx {
         Section::Header(self.header.clone()).get_hash()
     }
 
-    /// Gets the hash of the raw transaction's header
-    pub fn raw_header_hash(&self) -> crate::types::hash::Hash {
+    /// Gets the hash of the decrypted transaction's header
+    pub fn decrypted_header_hash(&self) -> crate::types::hash::Hash {
         let mut raw_header = self.header();
-        raw_header.tx_type = TxType::Raw;
+        raw_header.tx_type = TxType::Decrypted(DecryptedTx::Decrypted);
 
         Section::Header(raw_header).get_hash()
     }
@@ -1261,13 +1261,6 @@ impl Tx {
         if self.header_hash() == *hash {
             return Some(Cow::Owned(Section::Header(self.header.clone())));
         }
-        if self.raw_header_hash() == *hash {
-            // Raw transaction header for signature verification
-            let mut raw_header = self.header();
-            raw_header.tx_type = TxType::Raw;
-
-            return Some(Cow::Owned(Section::Header(raw_header)));
-        }
         for section in &self.sections {
             if section.get_hash() == *hash {
                 return Some(Cow::Borrowed(section));
@@ -1737,7 +1730,7 @@ impl Tx {
         self.protocol_filter();
 
         self.add_section(Section::Signature(Signature::new(
-            self.raw_header_hash(),
+            self.decrypted_header_hash(),
             account_public_keys_map.index_secret_keys(keypairs),
             signer,
         )));
@@ -1751,7 +1744,7 @@ impl Tx {
     ) -> &mut Self {
         self.protocol_filter();
         let mut pk_section = Signature {
-            target: self.raw_header_hash(),
+            target: self.decrypted_header_hash(),
             signatures: BTreeMap::new(),
             signer: Signer::PubKeys(vec![]),
         };
@@ -1762,7 +1755,7 @@ impl Tx {
                 // Add the signature under the given multisig address
                 let section =
                     sections.entry(addr.clone()).or_insert_with(|| Signature {
-                        target: self.raw_header_hash(),
+                        target: self.decrypted_header_hash(),
                         signatures: BTreeMap::new(),
                         signer: Signer::Address(addr.clone()),
                     });

core/src/types/transaction/mod.rs

@@ -234,7 +234,7 @@ mod test_process_tx {
             .set_data(Data::new("transaction data".as_bytes().to_owned()))
             .clone();
         tx.add_section(Section::Signature(Signature::new(
-            tx.raw_header_hash(),
+            tx.decrypted_header_hash(),
             [(0, gen_keypair())].into_iter().collect(),
             None,
         )));

shared/src/ledger/protocol/mod.rs

@@ -258,7 +258,7 @@ where
 
     // If wrapper was succesful, write inner tx hash to storage
     let inner_hash_key = replay_protection::get_replay_protection_key(
-        &hash::Hash(tx.raw_header_hash().0),
+        &hash::Hash(tx.decrypted_header_hash().0),
     );
     shell_params
         .wl_storage

vp_prelude/src/lib.rs

@@ -91,7 +91,7 @@ pub fn verify_signatures(ctx: &Ctx, tx: &Tx, owner: &Address) -> VpResult {
     // Serialize parameters
     let max_signatures = max_signatures_per_transaction.try_to_vec().unwrap();
     let public_keys_map = public_keys_index_map.try_to_vec().unwrap();
-    let targets = tx.raw_header_hash().try_to_vec().unwrap();
+    let targets = tx.decrypted_header_hash().try_to_vec().unwrap();
     let signer = owner.try_to_vec().unwrap();
 
     let valid = unsafe {

wasm/checksums.json

@@ -1,22 +1,22 @@
 {
-    "tx_bond.wasm": "tx_bond.b322054eef9d45e299384b2a363049ce0b0160a0c4781ca357aa59970904726c.wasm",
-    "tx_bridge_pool.wasm": "tx_bridge_pool.6f6ad3b95e21072af9e854e374fa0d7f691f0743da8cf52a643ed1bdb0e16611.wasm",
-    "tx_change_validator_commission.wasm": "tx_change_validator_commission.9310e0a0b7c14fc7c2427040da8c91eb4067babfaaea9e3b646edbfdd09c8069.wasm",
-    "tx_ibc.wasm": "tx_ibc.54313469bcc9bcaabf661177f88cb90ac9008f542edbf686f286a02f8cdbfd41.wasm",
-    "tx_init_account.wasm": "tx_init_account.10ee01dac5325685360119ba8e4b597d776a018ea4c9ac3534dd876ec377789e.wasm",
-    "tx_init_proposal.wasm": "tx_init_proposal.04cad5a3a71f833a5867bca3ced54b06d34ad07f3f21877599d38581d362ba10.wasm",
-    "tx_init_validator.wasm": "tx_init_validator.16d53a09e5df06400849aaa161c35e4e377284692f73a71dcbd4573656da7f64.wasm",
-    "tx_resign_steward.wasm": "tx_resign_steward.b5d92c1bd196be0d196ef16e2ceed9a9ced7ac61d7b177fdbad208c0e784e172.wasm",
-    "tx_reveal_pk.wasm": "tx_reveal_pk.32011ddc5316705ae005059d5916b071288a04fb4dee80854af16d61548b5c27.wasm",
-    "tx_transfer.wasm": "tx_transfer.963ec4c2705377423ddc46b4ff3de63f9b625351467d89290fa771a485710c41.wasm",
-    "tx_unbond.wasm": "tx_unbond.7f26336db8e8cfebc04d301dc4790138fdd9bc22878fe7542c3da525a09576be.wasm",
-    "tx_unjail_validator.wasm": "tx_unjail_validator.15a7a399d8fb79f8df959d0ddf4c193020886d1caab1e094cca10ea3aff44a72.wasm",
-    "tx_update_account.wasm": "tx_update_account.7b4e225a823449d3d8bffde197c439ad24f4f6c95cf754acf62b6373958c4486.wasm",
-    "tx_update_steward_commission.wasm": "tx_update_steward_commission.0001b21ef3ef4f9b33afb5a5ef75a6a5427fbe221a8350cfbd81781ac18ded6e.wasm",
-    "tx_vote_proposal.wasm": "tx_vote_proposal.727e36112fcd0753f758370dff981cc93430fe7d6f95ceb570a02a37529a7531.wasm",
-    "tx_withdraw.wasm": "tx_withdraw.e70485a8b79c5bff17d3b6ea96a7546cb709137c8a64606bdd1e77637157de33.wasm",
-    "vp_implicit.wasm": "vp_implicit.e0958c2ec06863f7bd48cd9abb67cc7557f956ce9fa6c714deba885db721fa50.wasm",
-    "vp_masp.wasm": "vp_masp.037671b60b3e9f312c1c5fdc53d040ebfad21a646b9b1e2dac6b3e20fc0d01ec.wasm",
-    "vp_user.wasm": "vp_user.0203fddde57bc31ef411370b628963486928a7c4d34614980d1a52616e0f617b.wasm",
-    "vp_validator.wasm": "vp_validator.39c685bc1407ef484f963aff9f7576273d56bbf283dcbded9f01944cf7ff9bf0.wasm"
+    "tx_bond.wasm": "tx_bond.c9fde5719da6dd63a79e0da4a099717401fbb8b7a618b3cb0778015a0773ef23.wasm",
+    "tx_bridge_pool.wasm": "tx_bridge_pool.e07070f6127f18e47fd4e43ef60f78344c0724f400ed69e8f30af31ad1bfd3cb.wasm",
+    "tx_change_validator_commission.wasm": "tx_change_validator_commission.34f0e93ee7e55410e75345c8077299f0cc4aa00aa807b09e0ff380f2709a51c8.wasm",
+    "tx_ibc.wasm": "tx_ibc.ab49f6c6164e4016b9662405ad8da2ec45d876c1e2d0b756a33a75a9e2f45d38.wasm",
+    "tx_init_account.wasm": "tx_init_account.926d20201221e325c687a39fe9d338f01fb770f6397efd3882b99493089c2ce4.wasm",
+    "tx_init_proposal.wasm": "tx_init_proposal.6a95f3f1f6ceeeb57335e122dc2ce6a99cafdaef095f00f3439da63881d73e1a.wasm",
+    "tx_init_validator.wasm": "tx_init_validator.445646b22db97882b3bbdc82a1b276b2bc8f0e18e04c0ba46c096fd5c729d593.wasm",
+    "tx_resign_steward.wasm": "tx_resign_steward.7f6810fd9901093b044d1f759a3fec6faef26fac1501d1a0c22f7c36e5b90fb4.wasm",
+    "tx_reveal_pk.wasm": "tx_reveal_pk.cf7811df8c17d38faee925fa77996e8e58abf89b3d4e196972be8b99007b682a.wasm",
+    "tx_transfer.wasm": "tx_transfer.041e11a019e88466328a2508c1754ea49c16fe8d009ffa15fa9e4a8190e8e0d5.wasm",
+    "tx_unbond.wasm": "tx_unbond.0778900cdb631687121ee4fbf1cc95cead67b337f5e5e0a92ad6c22c14c3ebd9.wasm",
+    "tx_unjail_validator.wasm": "tx_unjail_validator.616b6874bbc91a7dc8751a34cd512050695622b5c4b2eeb82ea533b5184089d6.wasm",
+    "tx_update_account.wasm": "tx_update_account.c39ff535e6b67fa65e902352795a8573aeae77ea6158e93492cecfefa7f3c475.wasm",
+    "tx_update_steward_commission.wasm": "tx_update_steward_commission.d3ae5fca19609aa2cfa126bbf7926e6ba42b0e78570d8adb38e5f9ec786153e6.wasm",
+    "tx_vote_proposal.wasm": "tx_vote_proposal.5d6493da13f1a815fe353f9d46b130b2ff779cd59bb7d89b34bb98cb4e271b3a.wasm",
+    "tx_withdraw.wasm": "tx_withdraw.df045a91abda536abbf7e68fee98cddea6d7faf0a0f0c8f8ecd6ec35b8dcead8.wasm",
+    "vp_implicit.wasm": "vp_implicit.fd0c536e007782a3b8d3672e9db119725872607a56611e748f185147ac4b3569.wasm",
+    "vp_masp.wasm": "vp_masp.856241eb315b01531ec3143eec72720b9608616a6f7bb4109c1f818f42c140dd.wasm",
+    "vp_user.wasm": "vp_user.131360a9656267034d87eaa391390be5d7007c1ffc3f88626e4e407b233c1d18.wasm",
+    "vp_validator.wasm": "vp_validator.952dcbb21bb2d0cd285e1d75b08174e29ab749ae927d78b130fb6b91bcdfe200.wasm"
 }

wasm/wasm_source/src/vp_implicit.rs

@@ -536,7 +536,7 @@ mod tests {
         tx.set_data(Data::new(vec![]));
         tx.set_code(Code::new(vec![]));
         tx.add_section(Section::Signature(Signature::new(
-            tx.raw_header_hash(),
+            tx.decrypted_header_hash(),
             pks_map.index_secret_keys(vec![secret_key]),
             None,
         )));
@@ -672,7 +672,7 @@ mod tests {
         tx.set_data(Data::new(vec![]));
         tx.set_code(Code::new(vec![]));
         tx.add_section(Section::Signature(Signature::new(
-            tx.raw_header_hash(),
+            tx.decrypted_header_hash(),
             pks_map.index_secret_keys(vec![secret_key]),
             None,
         )));
@@ -840,7 +840,7 @@ mod tests {
             tx.set_data(Data::new(vec![]));
             tx.set_code(Code::new(vec![]));
             tx.add_section(Section::Signature(Signature::new(
-                tx.raw_header_hash(),
+                tx.decrypted_header_hash(),
                 pks_map.index_secret_keys(vec![secret_key]),
                 None,
             )));
@@ -933,7 +933,7 @@ mod tests {
         tx.set_data(Data::new(vec![]));
         tx.set_code(Code::new(vec![]));
         tx.add_section(Section::Signature(Signature::new(
-            tx.raw_header_hash(),
+            tx.decrypted_header_hash(),
             pks_map.index_secret_keys(vec![secret_key]),
             None,
         )));
@@ -988,7 +988,7 @@ mod tests {
         tx.set_code(Code::new(vec![]));
         tx.set_data(Data::new(vec![]));
         tx.add_section(Section::Signature(Signature::new(
-            tx.raw_header_hash(),
+            tx.decrypted_header_hash(),
             pks_map.index_secret_keys(vec![secret_key]),
             None,
         )));

wasm/wasm_source/src/vp_testnet_faucet.rs

@@ -267,7 +267,7 @@ mod tests {
         tx.set_data(Data::new(vec![]));
         tx.set_code(Code::new(vec![]));
         tx.add_section(Section::Signature(Signature::new(
-            tx.raw_header_hash(),
+            tx.decrypted_header_hash(),
             pks_map.index_secret_keys(vec![keypair]),
             None,
         )));
@@ -404,7 +404,7 @@ mod tests {
         tx_data.set_data(Data::new(solution_bytes));
         tx_data.set_code(Code::new(vec![]));
         tx_data.add_section(Section::Signature(Signature::new(
-            vec![tx_data.raw_header_hash()],
+            vec![tx_data.decrypted_header_hash()],
             [(0, target_key)].into_iter().collect(),
             None,
         )));
@@ -458,7 +458,7 @@ mod tests {
             tx.set_data(Data::new(vec![]));
             tx.set_code(Code::new(vec![]));
             tx.add_section(Section::Signature(Signature::new(
-                tx.raw_header_hash(),
+                tx.decrypted_header_hash(),
                 pks_map.index_secret_keys(vec![keypair]),
                 None,
             )));