@freedomofpress/cometbft 0.1.0 → 0.1.2

package/dist/validators.js

@@ -0,0 +1,55 @@
+import { base64ToUint8Array, Uint8ArrayToHex } from "./encoding";
+export async function importValidators(resp) {
+    const seen = new Set();
+    const cryptoIndex = new Map();
+    const protoValidators = [];
+    if (!resp.validators || resp.validators.length < 1) {
+        throw new Error("Missing validators");
+    }
+    let countedPower = 0n;
+    for (const v of resp.validators) {
+        if (!v.address || v.address.length !== 40) {
+            throw new Error(`Validator address must be 40 HEX digits, provided: ${v.address}`);
+        }
+        if (!v.pub_key?.type || !v.pub_key?.value) {
+            throw new Error("Validator key object is invalid");
+        }
+        if (v.pub_key.type !== "tendermint/PubKeyEd25519") {
+            throw new Error(`Key of type ${v.pub_key.type} is currently unsupported.`);
+        }
+        const rawKey = base64ToUint8Array(v.pub_key.value);
+        const key = await crypto.subtle.importKey("raw", new Uint8Array(rawKey), { name: "Ed25519" }, false, ["verify"]);
+        const sha = new Uint8Array(await crypto.subtle.digest("SHA-256", new Uint8Array(rawKey)));
+        const addrHex = Uint8ArrayToHex(sha.slice(0, 20)).toUpperCase();
+        if (addrHex !== v.address.toUpperCase()) {
+            throw new Error(`Address ${v.address} does not match its public key`);
+        }
+        if (seen.has(addrHex)) {
+            throw new Error("Duplicate entry in validators set");
+        }
+        seen.add(addrHex);
+        cryptoIndex.set(addrHex, key);
+        const powerNum = Number(v.voting_power) || Number(v.power);
+        if (!Number.isFinite(powerNum) ||
+            !Number.isInteger(powerNum) ||
+            powerNum < 1) {
+            throw new Error(`Invalid voting power for ${addrHex}`);
+        }
+        countedPower += BigInt(powerNum);
+        const protoV = {
+            address: new Uint8Array(sha.slice(0, 20)),
+            pubKeyBytes: rawKey,
+            pubKeyType: "ed25519",
+            votingPower: BigInt(powerNum),
+            proposerPriority: 0n, // JSON gives string "0"; use 0n by default
+        };
+        protoValidators.push(protoV);
+    }
+    const protoSet = {
+        validators: protoValidators,
+        proposer: undefined,
+        totalVotingPower: countedPower,
+    };
+    return { proto: protoSet, cryptoIndex };
+}
+//# sourceMappingURL=validators.js.map

package/dist/validators.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validators.js","sourceRoot":"","sources":["../src/validators.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAIjE,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,IAAmB;IAIxD,MAAM,IAAI,GAAgB,IAAI,GAAG,EAAE,CAAC;IACpC,MAAM,WAAW,GAAG,IAAI,GAAG,EAAqB,CAAC;IACjD,MAAM,eAAe,GAAgB,EAAE,CAAC;IAExC,IAAI,CAAC,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnD,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACxC,CAAC;IACD,IAAI,YAAY,GAAG,EAAE,CAAC;IAEtB,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QAChC,IAAI,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;YAC1C,MAAM,IAAI,KAAK,CACb,sDAAsD,CAAC,CAAC,OAAO,EAAE,CAClE,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,CAAC,CAAC,OAAO,EAAE,IAAI,IAAI,CAAC,CAAC,CAAC,OAAO,EAAE,KAAK,EAAE,CAAC;YAC1C,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACrD,CAAC;QACD,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,KAAK,0BAA0B,EAAE,CAAC;YAClD,MAAM,IAAI,KAAK,CACb,eAAe,CAAC,CAAC,OAAO,CAAC,IAAI,4BAA4B,CAC1D,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,kBAAkB,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QACnD,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CACvC,KAAK,EACL,IAAI,UAAU,CAAC,MAAM,CAAC,EACtB,EAAE,IAAI,EAAE,SAAS,EAAE,EACnB,KAAK,EACL,CAAC,QAAQ,CAAC,CACX,CAAC;QAEF,MAAM,GAAG,GAAG,IAAI,UAAU,CACxB,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAC9D,CAAC;QACF,MAAM,OAAO,GAAG,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QAEhE,IAAI,OAAO,KAAK,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,WAAW,CAAC,CAAC,OAAO,gCAAgC,CAAC,CAAC;QACxE,CAAC;QACD,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACvD,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAClB,WAAW,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAE9B,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC,CAAC,YAAY,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QAC3D,IACE,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAC1B,CAAC,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC;YAC3B,QAAQ,GAAG,CAAC,EACZ,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,4BAA4B,OAAO,EAAE,CAAC,CAAC;QACzD,CAAC;QACD,YAAY,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC;QAEjC,MAAM,MAAM,GAAc;YACxB,OAAO,EAAE,IAAI,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACzC,WAAW,EAAE,MAAM;YACnB,UAAU,EAAE,SAAS;YACrB,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC;YAC7B,gBAAgB,EAAE,EAAE,EAAE,2CAA2C;SAClE,CAAC;QAEF,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC/B,CAAC;IAED,MAAM,QAAQ,GAAiB;QAC7B,UAAU,EAAE,eAAe;QAC3B,QAAQ,EAAE,SAAS;QACnB,gBAAgB,EAAE,YAAY;KAC/B,CAAC;IAEF,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC;AAC1C,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@freedomofpress/cometbft",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "description": "A CometBFT light client for the browser.",
   "repository": {
     "type": "git",
@@ -27,13 +27,13 @@
   "homepage": "https://github.com/freedomofpress/cometbft-ts#readme",
   "bugs": "https://github.com/freedomofpress/cometbft-ts/issues",
   "devDependencies": {
-    "@vitest/coverage-v8": "^4.0.13",
+    "@vitest/coverage-v8": "^4.0.18",
     "eslint-plugin-simple-import-sort": "^12.1.1",
     "typescript": "^5.9.3",
-    "typescript-eslint": "^8.48.0",
-    "vitest": "^4.0.13"
+    "typescript-eslint": "^8.56.1",
+    "vitest": "^4.0.18"
   },
   "dependencies": {
-    "@bufbuild/protobuf": "^2.10.1"
+    "@bufbuild/protobuf": "^2.11.0"
   }
 }

package/src/lightclient.ts

@@ -12,6 +12,175 @@ import {
 } from "./proto/cometbft/types/v1/validator";
 import { Timestamp as PbTimestamp } from "./proto/google/protobuf/timestamp";
 
+const LEAF_PREFIX = new Uint8Array([0]);
+const INNER_PREFIX = new Uint8Array([1]);
+
+function concatBytes(...parts: Uint8Array[]): Uint8Array {
+  const totalLen = parts.reduce((acc, p) => acc + p.length, 0);
+  const out = new Uint8Array(totalLen);
+  let offset = 0;
+  for (const p of parts) {
+    out.set(p, offset);
+    offset += p.length;
+  }
+  return out;
+}
+
+async function sha256(input: Uint8Array): Promise<Uint8Array> {
+  const digest = await crypto.subtle.digest("SHA-256", new Uint8Array(input));
+  return new Uint8Array(digest);
+}
+
+function encodeVarint(value: bigint): Uint8Array {
+  if (value < 0n) throw new Error("encodeVarint expects a non-negative bigint");
+  const bytes: number[] = [];
+  let v = value;
+  while (v >= 0x80n) {
+    bytes.push(Number((v & 0x7fn) | 0x80n));
+    v >>= 7n;
+  }
+  bytes.push(Number(v));
+  return new Uint8Array(bytes);
+}
+
+function encodeFieldTag(fieldNumber: number, wireType: number): Uint8Array {
+  return encodeVarint(BigInt((fieldNumber << 3) | wireType));
+}
+
+function encodeProtoBytes(fieldNumber: number, value: Uint8Array): Uint8Array {
+  return concatBytes(
+    encodeFieldTag(fieldNumber, 2),
+    encodeVarint(BigInt(value.length)),
+    value,
+  );
+}
+
+function encodeProtoUint64(fieldNumber: number, value: bigint): Uint8Array {
+  return concatBytes(encodeFieldTag(fieldNumber, 0), encodeVarint(value));
+}
+
+function encodeProtoInt64(fieldNumber: number, value: bigint): Uint8Array {
+  const v = value < 0n ? (1n << 64n) + value : value;
+  return concatBytes(encodeFieldTag(fieldNumber, 0), encodeVarint(v));
+}
+
+function cdcEncodeString(value: string): Uint8Array | undefined {
+  if (value.length === 0) return undefined;
+  return encodeProtoBytes(1, new TextEncoder().encode(value));
+}
+
+function cdcEncodeInt64(value: bigint): Uint8Array {
+  return encodeProtoInt64(1, value);
+}
+
+function cdcEncodeBytes(value: Uint8Array): Uint8Array | undefined {
+  if (value.length === 0) return undefined;
+  return encodeProtoBytes(1, value);
+}
+
+function encodeTimestamp(ts: PbTimestamp): Uint8Array {
+  const seconds = encodeProtoInt64(1, ts.seconds ?? 0n);
+  const nanos = ts.nanos
+    ? concatBytes(encodeFieldTag(2, 0), encodeVarint(BigInt(ts.nanos)))
+    : new Uint8Array(0);
+  return concatBytes(seconds, nanos);
+}
+
+function encodePartSetHeader(total: number, hash: Uint8Array): Uint8Array {
+  return concatBytes(
+    encodeProtoUint64(1, BigInt(total)),
+    encodeProtoBytes(2, hash),
+  );
+}
+
+function encodeBlockId(
+  hash: Uint8Array,
+  partSetTotal: number,
+  partSetHash: Uint8Array,
+): Uint8Array {
+  const psh = encodePartSetHeader(partSetTotal, partSetHash);
+  return concatBytes(encodeProtoBytes(1, hash), encodeProtoBytes(2, psh));
+}
+
+async function merkleLeafHash(leaf: Uint8Array): Promise<Uint8Array> {
+  return sha256(concatBytes(LEAF_PREFIX, leaf));
+}
+
+async function merkleInnerHash(
+  left: Uint8Array,
+  right: Uint8Array,
+): Promise<Uint8Array> {
+  return sha256(concatBytes(INNER_PREFIX, left, right));
+}
+
+function merkleSplitPoint(length: number): number {
+  if (length < 1) throw new Error("Trying to split a tree with size < 1");
+  const bitLen = Math.floor(Math.log2(length)) + 1;
+  let k = 1 << (bitLen - 1);
+  if (k === length) k >>= 1;
+  return k;
+}
+
+async function merkleHashFromByteSlices(
+  items: Uint8Array[],
+): Promise<Uint8Array> {
+  if (items.length === 0) return sha256(new Uint8Array(0));
+  if (items.length === 1) return merkleLeafHash(items[0]);
+
+  const k = merkleSplitPoint(items.length);
+  const left = await merkleHashFromByteSlices(items.slice(0, k));
+  const right = await merkleHashFromByteSlices(items.slice(k));
+  return merkleInnerHash(left, right);
+}
+
+async function computeHeaderHash(
+  header: SignedHeader["header"],
+): Promise<Uint8Array> {
+  if (!header) throw new Error("SignedHeader missing header");
+  if (!header.lastBlockId || !header.lastBlockId.partSetHeader) {
+    throw new Error("Header lastBlockId is missing");
+  }
+  if (!header.time) throw new Error("Header time is missing");
+
+  const version = concatBytes(
+    encodeProtoUint64(1, header.version?.block ?? 0n),
+    encodeProtoUint64(2, header.version?.app ?? 0n),
+  );
+
+  const lastBlockId = encodeBlockId(
+    header.lastBlockId.hash,
+    header.lastBlockId.partSetHeader.total,
+    header.lastBlockId.partSetHeader.hash,
+  );
+
+  const fields: Uint8Array[] = [
+    version,
+    cdcEncodeString(header.chainId),
+    cdcEncodeInt64(header.height),
+    encodeTimestamp(header.time),
+    lastBlockId,
+    cdcEncodeBytes(header.lastCommitHash),
+    cdcEncodeBytes(header.dataHash),
+    cdcEncodeBytes(header.validatorsHash),
+    cdcEncodeBytes(header.nextValidatorsHash),
+    cdcEncodeBytes(header.consensusHash),
+    cdcEncodeBytes(header.appHash),
+    cdcEncodeBytes(header.lastResultsHash),
+    cdcEncodeBytes(header.evidenceHash),
+    cdcEncodeBytes(header.proposerAddress),
+  ].filter((x): x is Uint8Array => Boolean(x));
+
+  return merkleHashFromByteSlices(fields);
+}
+
+function bytesEqual(a: Uint8Array, b: Uint8Array): boolean {
+  if (a.length !== b.length) return false;
+  for (let i = 0; i < a.length; i++) {
+    if (a[i] !== b[i]) return false;
+  }
+  return true;
+}
+
 export type CryptoIndex = Map<string, CryptoKey>;
 
 export interface VerifyOutcome {
@@ -133,6 +302,13 @@ export async function verifyCommit(
   const partsHash: Uint8Array = bid.partSetHeader.hash;
   const partsTotal: number = bid.partSetHeader.total;
 
+  const expectedBlockHash = await computeHeaderHash(header);
+  if (!bytesEqual(expectedBlockHash, blockIdHash)) {
+    throw new Error(
+      "Header hash does not match commit BlockID hash (header fields were tampered or inconsistent)",
+    );
+  }
+
   let signedPower = 0n;
   const unknown: string[] = [];
   const invalid: string[] = [];

package/src/tests/lightclient.test.ts

@@ -38,7 +38,7 @@ describe("lightclient.verifyCommit", () => {
     expect(out.countedSignatures).toBeGreaterThan(0);
   });
 
-  it("fails quorum and invalidates all signatures when block_id.hash is tampered", async () => {
+  it("throws when commit block_id.hash does not match the header hash", async () => {
     const vResp = validatorsFixture as unknown as ValidatorJson;
     const { proto: vset, cryptoIndex } = await importValidators(vResp);
 
@@ -48,11 +48,26 @@ describe("lightclient.verifyCommit", () => {
       h.slice(0, -2) + (h.slice(-2) === "00" ? "01" : "00");
 
     const sh = importCommit(badCommit as CommitJson);
-    const out = await verifyCommit(sh, vset, cryptoIndex);
 
-    expect(out.quorum).toBe(false);
-    expect(out.invalidSignatures.length).toBe(out.countedSignatures);
-    expect(out.ok).toBe(false);
+    await expect(verifyCommit(sh, vset, cryptoIndex)).rejects.toThrow(
+      /header hash does not match commit blockid hash/i,
+    );
+  });
+
+  it("throws when app_hash is tampered", async () => {
+    const vResp = validatorsFixture as unknown as ValidatorJson;
+    const { proto: vset, cryptoIndex } = await importValidators(vResp);
+
+    const badHeader = clone(commitFixture) as any;
+    const appHash: string = badHeader.signed_header.header.app_hash;
+    badHeader.signed_header.header.app_hash =
+      appHash.slice(0, -2) + (appHash.slice(-2) === "00" ? "01" : "00");
+
+    const sh = importCommit(badHeader as CommitJson);
+
+    await expect(verifyCommit(sh, vset, cryptoIndex)).rejects.toThrow(
+      /header hash does not match commit blockid hash/i,
+    );
   });
 
   it("drops below 2/3 quorum when two votes are ABSENT", async () => {

package/src/tests/webcat.test.ts

@@ -1,7 +1,7 @@
 import { describe, expect, it } from "vitest";
 
 import { importCommit } from "../commit";
-import { Uint8ArrayToBase64, Uint8ArrayToHex } from "../encoding";
+import { Uint8ArrayToBase64 } from "../encoding";
 import { verifyCommit } from "../lightclient";
 import type { CommitJson, ValidatorJson } from "../types";
 import { importValidators } from "../validators";
@@ -12,51 +12,34 @@ function clone<T>(x: T): T {
 }
 
 describe("lightclient.verifyCommit", () => {
-  it("verifies a valid commit against the validator set", async () => {
+  it("rejects this fixture when header hash does not match commit block_id.hash", async () => {
     const validators = blockFixture.validator_set as unknown as ValidatorJson;
     const commit = blockFixture as unknown as CommitJson;
 
     const { proto: vset, cryptoIndex } = await importValidators(validators);
     const sh = importCommit(commit);
 
-    const out = await verifyCommit(sh, vset, cryptoIndex);
-
-    expect(out.quorum).toBe(true);
-    expect(out.ok).toBe(true);
-    expect(out.signedPower > 0n).toBe(true);
-    expect(out.signedPower <= out.totalPower).toBe(true);
-    expect(out.headerTime).toBeDefined();
-    expect(out.appHash instanceof Uint8Array).toBe(true);
-    expect(out.blockIdHash instanceof Uint8Array).toBe(true);
-    expect(out.unknownValidators.length).toBe(0);
-    expect(out.invalidSignatures.length).toBe(0);
-    expect(out.countedSignatures).toBeGreaterThan(0);
+    await expect(verifyCommit(sh, vset, cryptoIndex)).rejects.toThrow(
+      /header hash does not match commit blockid hash/i,
+    );
   });
 
-  it("flags invalid signatures", async () => {
+  it("throws when commit block_id.hash does not match header hash", async () => {
     const validators = blockFixture.validator_set as unknown as ValidatorJson;
     const commit = clone(blockFixture) as unknown as CommitJson;
 
-    // Flip one byte of the BlockID hash to keep the signature well-formed but
-    // cryptographically invalid for the mutated sign-bytes.
     commit.signed_header.commit.block_id.hash =
       "3A1D00CC2A092465E85EA2C24986BEE0105285039DC1873BB6B0CA7F610EC89D";
 
     const { proto: vset, cryptoIndex } = await importValidators(validators);
     const sh = importCommit(commit);
 
-    const out = await verifyCommit(sh, vset, cryptoIndex);
-
-    expect(out.quorum).toBe(false);
-    expect(out.ok).toBe(false);
-    expect(out.signedPower).toBe(0n);
-    expect(out.invalidSignatures).toEqual([
-      Uint8ArrayToHex(vset.validators[0].address).toUpperCase(),
-    ]);
-    expect(out.countedSignatures).toBe(1);
+    await expect(verifyCommit(sh, vset, cryptoIndex)).rejects.toThrow(
+      /header hash does not match commit blockid hash/i,
+    );
   });
 
-  it("flags invalid signatures", async () => {
+  it("still rejects on header/commit hash mismatch even when a signature is corrupted", async () => {
     const validators = blockFixture.validator_set as unknown as ValidatorJson;
     const commit = clone(blockFixture) as unknown as CommitJson;
 
@@ -67,15 +50,9 @@ describe("lightclient.verifyCommit", () => {
     const { proto: vset, cryptoIndex } = await importValidators(validators);
     const sh = importCommit(commit);
 
-    const out = await verifyCommit(sh, vset, cryptoIndex);
-
-    expect(out.quorum).toBe(false);
-    expect(out.ok).toBe(false);
-    expect(out.signedPower).toBe(0n);
-    expect(out.invalidSignatures).toEqual([
-      Uint8ArrayToHex(vset.validators[0].address).toUpperCase(),
-    ]);
-    expect(out.countedSignatures).toBe(1);
+    await expect(verifyCommit(sh, vset, cryptoIndex)).rejects.toThrow(
+      /header hash does not match commit blockid hash/i,
+    );
   });
 
   it("rejects malformed signature bytes", async () => {
@@ -90,7 +67,7 @@ describe("lightclient.verifyCommit", () => {
     );
   });
 
-  it("reports unknown validators", async () => {
+  it("still rejects on header/commit hash mismatch even when validator is unknown", async () => {
     const validators = blockFixture.validator_set as unknown as ValidatorJson;
     const commit = clone(blockFixture) as unknown as CommitJson;
 
@@ -100,15 +77,8 @@ describe("lightclient.verifyCommit", () => {
     const { proto: vset, cryptoIndex } = await importValidators(validators);
     const sh = importCommit(commit);
 
-    const out = await verifyCommit(sh, vset, cryptoIndex);
-
-    expect(out.quorum).toBe(false);
-    expect(out.ok).toBe(false);
-    expect(out.signedPower).toBe(0n);
-    expect(out.invalidSignatures).toEqual([]);
-    expect(out.unknownValidators).toEqual([
-      "0000000000000000000000000000000000000000",
-    ]);
-    expect(out.countedSignatures).toBe(0);
+    await expect(verifyCommit(sh, vset, cryptoIndex)).rejects.toThrow(
+      /header hash does not match commit blockid hash/i,
+    );
   });
 });