Merge pull request #32 from adamgall/support-eip1271-signatures

Support EIP1271 signatures

api/messages.go

@@ -3,6 +3,7 @@ package api
 import (
 	"encoding/json"
 	"errors"
+	"fmt"
 	"io"
 	"mime"
 	"net/http"
@@ -11,6 +12,8 @@ import (
 	"github.com/Rocket-Rescue-Node/credentials"
 	"github.com/Rocket-Rescue-Node/credentials/pb"
 	"github.com/Rocket-Rescue-Node/rescue-api/services"
+	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/common/hexutil"
 )
 
 type response struct {
@@ -28,14 +31,47 @@ func (br *decodingError) Error() string {
 }
 
 type CreateCredentialRequest struct {
-	Address string `json:"address"`
-	Msg     string `json:"msg"`
-	Sig     string `json:"sig"`
-	Version string `json:"version"`
+	Address common.Address `json:"address"`
+	Msg     []byte         `json:"msg"`
+	Sig     []byte         `json:"sig"`
+	Version string         `json:"version"`
 
 	operatorType credentials.OperatorType `json:"-"`
 }
 
+func (c *CreateCredentialRequest) UnmarshalJSON(data []byte) error {
+	type Alias CreateCredentialRequest
+	aux := &struct {
+		Address string `json:"address"`
+		Msg     string `json:"msg"`
+		Sig     string `json:"sig"`
+
+		// Populates the `Version` field
+		*Alias
+	}{
+		Alias: (*Alias)(c),
+	}
+
+	if err := json.Unmarshal(data, &aux); err != nil {
+		return err
+	}
+
+	// Convert Address
+	c.Address = common.HexToAddress(aux.Address)
+
+	// Convert Msg
+	c.Msg = []byte(aux.Msg)
+
+	// Convert Sig
+	var err error
+	c.Sig, err = hexutil.Decode(aux.Sig)
+	if err != nil {
+		return fmt.Errorf("invalid signature hex: %v", err)
+	}
+
+	return nil
+}
+
 type CreateCredentialResponse struct {
 	Username  string `json:"username"`
 	Password  string `json:"password"`

api/router.go

@@ -3,11 +3,10 @@ package api
 import (
 	"encoding/hex"
 	"net/http"
-	"strings"
 	"time"
 
 	"github.com/Rocket-Rescue-Node/rescue-api/services"
-	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/common/hexutil"
 	"github.com/gorilla/mux"
 	"github.com/rs/cors"
 	"go.uber.org/zap"
@@ -18,42 +17,35 @@ type apiRouter struct {
 	logger *zap.Logger
 }
 
-func readJSONRequest(r *http.Request, logger *zap.Logger) (*[]byte, *CreateCredentialRequest, error) {
+func (ar *apiRouter) readJSONRequest(r *http.Request) (*CreateCredentialRequest, error) {
 	out := new(CreateCredentialRequest)
 
 	// Validate the request body
 	if err := validateJSONRequest(r, out); err != nil {
-		return nil, nil, err
+		return nil, err
 	}
 
-	logger.Info("Got valid request",
+	ar.logger.Info("Got valid request",
 		zap.String("endpoint", r.URL.Path),
-		zap.String("address", out.Address),
-		zap.String("msg", out.Msg),
-		zap.String("sig", out.Sig),
+		zap.String("address", out.Address.Hex()),
+		zap.String("msg", string(out.Msg)),
+		zap.String("sig", hexutil.Encode(out.Sig)),
 		zap.String("version", out.Version),
 		zap.Int("operator_type", int(out.operatorType)),
 	)
 
-	// Validate the message signature
-	sig, err := hex.DecodeString(strings.TrimPrefix(out.Sig, "0x"))
-	if err != nil {
-		msg := "invalid signature"
-		return nil, nil, &decodingError{status: http.StatusBadRequest, msg: msg}
-	}
-
-	return &sig, out, nil
+	return out, nil
 }
 
 func (ar *apiRouter) CreateCredential(w http.ResponseWriter, r *http.Request) error {
 	// Try to read the request
-	sig, req, err := readJSONRequest(r, ar.logger)
+	req, err := ar.readJSONRequest(r)
 	if err != nil {
 		return writeJSONError(w, err)
 	}
 
 	// Create the credential
-	cred, err := ar.svc.CreateCredentialWithRetry([]byte(req.Msg), *sig, common.HexToAddress(req.Address), req.operatorType)
+	cred, err := ar.svc.CreateCredentialWithRetry(req.Msg, req.Sig, req.Address, req.operatorType)
 	if err != nil {
 		return writeJSONError(w, err)
 	}
@@ -82,22 +74,22 @@ func (ar *apiRouter) CreateCredential(w http.ResponseWriter, r *http.Request) er
 
 func (ar *apiRouter) GetOperatorInfo(w http.ResponseWriter, r *http.Request) error {
 	// Try to read the request
-	sig, credReq, err := readJSONRequest(r, ar.logger)
+	credReq, err := ar.readJSONRequest(r)
 	if err != nil {
 		return writeJSONError(w, err)
 	}
 
 	req := (*OperatorInfoRequest)(credReq)
 
 	// Get operator info
-	operatorInfo, err := ar.svc.GetOperatorInfo([]byte(req.Msg), *sig, common.HexToAddress(req.Address), req.operatorType)
+	operatorInfo, err := ar.svc.GetOperatorInfo(req.Msg, req.Sig, req.Address, req.operatorType)
 	if err != nil {
 		return writeJSONError(w, err)
 	}
 
 	// Cred events retrieved
 	ar.logger.Info("Retrieved operator info",
-		zap.String("nodeID", req.Address),
+		zap.String("nodeID", req.Address.Hex()),
 		zap.Int("operator_type", int(req.operatorType)),
 	)
 

external/rescue_proxy.go

@@ -3,9 +3,11 @@ package external
 import (
 	"context"
 	"crypto/tls"
+	"errors"
 	"time"
 
 	proxy "github.com/Rocket-Rescue-Node/rescue-proxy/pb"
+	"github.com/ethereum/go-ethereum/common"
 	"go.uber.org/zap"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
@@ -32,17 +34,13 @@ func NewRescueProxyAPIClient(logger *zap.Logger, address string, secure bool) *R
 func (c *RescueProxyAPIClient) connect() error {
 	var err error
 
-	ctx, cancel := context.WithTimeout(context.Background(), 1*time.Second)
-	defer cancel()
-
 	// Try to connect to the Rescue Proxy API using TLS.
 	// An empty TLS config will use the system's root CAs.
 	tc := credentials.NewTLS(&tls.Config{})
-	if c.conn, err = grpc.DialContext(ctx,
+	if c.conn, err = grpc.NewClient(
 		c.address,
 		grpc.WithTransportCredentials(tc),
-		grpc.WithBlock()); err == nil {
-
+	); err == nil {
 		c.client = proxy.NewApiClient(c.conn)
 		c.logger.Debug("connected to rescue-proxy with TLS", zap.String("address", c.address))
 		return nil
@@ -56,14 +54,10 @@ func (c *RescueProxyAPIClient) connect() error {
 
 	c.logger.Debug("attempting to connect to rescue-proxy without TLS, since insecure grpc is allowed", zap.String("address", c.address))
 
-	ctx, cancel2 := context.WithTimeout(context.Background(), 1*time.Second)
-	defer cancel2()
-
-	if c.conn, err = grpc.DialContext(ctx,
+	if c.conn, err = grpc.NewClient(
 		c.address,
 		grpc.WithTransportCredentials(insecure.NewCredentials()),
-		grpc.WithBlock()); err != nil {
-
+	); err != nil {
 		return err
 	}
 
@@ -114,6 +108,29 @@ func (c *RescueProxyAPIClient) GetWithdrawalAddresses() ([][]byte, error) {
 	return r.GetWithdrawalAddresses(), nil
 }
 
+func (c *RescueProxyAPIClient) ValidateEIP1271(dataHash *common.Hash, signature *[]byte, address *common.Address) (bool, error) {
+	// Connect if not yet connected.
+	if err := c.ensureConnection(); err != nil {
+		return false, err
+	}
+	c.logger.Debug("requesting eip1271 validation")
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+	r, err := c.client.ValidateEIP1271(ctx, &proxy.ValidateEIP1271Request{
+		DataHash:  dataHash.Bytes(),
+		Signature: *signature,
+		Address:   address.Bytes(),
+	})
+	if err != nil {
+		return false, err
+	}
+	rErr := r.GetError()
+	if rErr != "" {
+		return false, errors.New(rErr)
+	}
+	return r.GetValid(), nil
+}
+
 func (c *RescueProxyAPIClient) Close() error {
 	if c.conn == nil {
 		return nil

go.mod

@@ -4,14 +4,15 @@ go 1.21
 
 require (
 	github.com/Rocket-Rescue-Node/credentials v0.0.0-20240224174210-626742fc699e
-	github.com/Rocket-Rescue-Node/rescue-proxy v1.0.2
+	github.com/Rocket-Rescue-Node/rescue-proxy v1.2.3
 	github.com/ethereum/go-ethereum v1.13.5
 	github.com/gorilla/mux v1.8.1
 	github.com/jonboulle/clockwork v0.4.0
 	github.com/mattn/go-sqlite3 v1.14.18
 	github.com/rs/cors v1.10.1
+	github.com/stretchr/testify v1.8.4
 	go.uber.org/zap v1.26.0
-	google.golang.org/grpc v1.59.0
+	google.golang.org/grpc v1.64.0
 )
 
 require (
@@ -25,16 +26,18 @@ require (
 	github.com/consensys/bavard v0.1.13 // indirect
 	github.com/consensys/gnark-crypto v0.12.1 // indirect
 	github.com/crate-crypto/go-kzg-4844 v0.7.0 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
 	github.com/ethereum/c-kzg-4844 v0.4.0 // indirect
 	github.com/getsentry/sentry-go v0.18.0 // indirect
 	github.com/go-stack/stack v1.8.1 // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/holiman/uint256 v1.2.4 // indirect
 	github.com/klauspost/compress v1.16.4 // indirect
 	github.com/mattn/go-runewidth v0.0.14 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/mmcloughlin/addchain v0.4.0 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/client_golang v1.16.0 // indirect
 	github.com/prometheus/client_model v0.4.0 // indirect
 	github.com/prometheus/common v0.44.0 // indirect
@@ -45,12 +48,13 @@ require (
 	github.com/supranational/blst v0.3.11 // indirect
 	github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/crypto v0.17.0 // indirect
-	golang.org/x/net v0.19.0 // indirect
-	golang.org/x/sync v0.5.0 // indirect
-	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/crypto v0.21.0 // indirect
+	golang.org/x/net v0.23.0 // indirect
+	golang.org/x/sync v0.6.0 // indirect
+	golang.org/x/sys v0.18.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20231127180814-3a041ad873d4 // indirect
-	google.golang.org/protobuf v1.31.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 // indirect
+	google.golang.org/protobuf v1.33.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 	rsc.io/tmplfunc v0.0.3 // indirect
 )