Add support for extra transaction signature validation

- Restructures `STTx` signature checking code to be able to handle a `sigObject`, which may be the full transaction, or may be an object field containing a separate signature. Either way, the `sigObject` can be a single- or multi-sign signature. - This is distinct from 550f90a75e (#5594), which changed the check in Transactor, which validates whether a given account is allowed to sign for the given transaction. This cryptographically checks the signature validity.
2025-12-06 17:27:55 +00:00 · 2025-10-03 14:56:39 -04:00
parent 5d79bfc531
commit 23045fcbef
2 changed files with 129 additions and 49 deletions
--- a/include/xrpl/protocol/STTx.h
+++ b/include/xrpl/protocol/STTx.h
@@ -88,7 +88,13 @@ public:

    // Outer transaction functions / signature functions.
    Blob
-    getSignature() const;
+    getSignature(STObject const& sigObject) const;
+
+    Blob
+    getSignature() const
+    {
+        return getSignature(*this);
+    }

    uint256
    getSigningHash() const;
@@ -119,13 +125,34 @@ public:
    getJson(JsonOptions options, bool binary) const;

    void
-    sign(PublicKey const& publicKey, SecretKey const& secretKey);
+    sign(
+        PublicKey const& publicKey,
+        SecretKey const& secretKey,
+        std::optional<std::reference_wrapper<SField const>> signatureTarget =
+            {});

-    /** Check the signature.
-        @return `true` if valid signature. If invalid, the error message string.
-    */
    enum class RequireFullyCanonicalSig : bool { no, yes };

+    /** Check the signature.
+        @param requireCanonicalSig If `true`, check that the signature is fully
+            canonical. If `false`, only check that the signature is valid.
+        @param rules The current ledger rules.
+        @param pSig Pointer to object that contains the signature fields, if not
+            using "this". Will most often be null
+        @return `true` if valid signature. If invalid, the error message string.
+    */
+    Expected<void, std::string>
+    checkSign(
+        RequireFullyCanonicalSig requireCanonicalSig,
+        Rules const& rules,
+        STObject const* pSig) const;
+
+    /** Check the signature.
+        @param requireCanonicalSig If `true`, check that the signature is fully
+            canonical. If `false`, only check that the signature is valid.
+        @param rules The current ledger rules.
+        @return `true` if valid signature. If invalid, the error message string.
+    */
    Expected<void, std::string>
    checkSign(RequireFullyCanonicalSig requireCanonicalSig, Rules const& rules)
        const;
@@ -155,12 +182,15 @@ public:

 private:
    Expected<void, std::string>
-    checkSingleSign(RequireFullyCanonicalSig requireCanonicalSig) const;
+    checkSingleSign(
+        RequireFullyCanonicalSig requireCanonicalSig,
+        STObject const* pSig) const;

    Expected<void, std::string>
    checkMultiSign(
        RequireFullyCanonicalSig requireCanonicalSig,
-        Rules const& rules) const;
+        Rules const& rules,
+        STObject const* pSig) const;

    Expected<void, std::string>
    checkBatchSingleSign(