Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix: Claim verification #67

Merged
merged 7 commits into from
Aug 10, 2023
Merged

Fix: Claim verification #67

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
5f60778
add ed25519 extern
amityadav0 Aug 10, 2023
3a26184
fix
amityadav0 Aug 10, 2023
be5af5f
Merge branch 'master' into test-fix
amityadav0 Aug 10, 2023
850bb8d
Apply suggestions from code review
amityadav0 Aug 10, 2023
ca32afe
updates
amityadav0 Aug 10, 2023
33c7382
merge
amityadav0 Aug 10, 2023
4f68c7f
Apply suggestions from code review
robert-zaremba Aug 10, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
72 changes: 48 additions & 24 deletions contracts/oracle/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
use ed25519_dalek::{PublicKey, Signature, Verifier, PUBLIC_KEY_LENGTH};
use ed25519_dalek::{PUBLIC_KEY_LENGTH};
use near_sdk::borsh::{self, BorshDeserialize, BorshSerialize};
use near_sdk::collections::{LazyOption, UnorderedSet};
use near_sdk::serde::Serialize;
Expand Down Expand Up @@ -130,12 +130,11 @@ impl Contract {
));
}

let sig = b64_decode("claim_sig", claim_sig)?;
let claim_bytes = b64_decode("claim_b64", claim_b64)?;
// let claim = Claim::deserialize(&mut &claim_bytes[..])
let claim = Claim::try_from_slice(&claim_bytes)
.map_err(|_| CtrError::Borsh("claim".to_string()))?;
verify_claim(&self.authority_pubkey, claim_bytes, sig)?;
let signature = sig_from_b64(claim_sig);
verify_claim(&self.authority_pubkey, claim_bytes, &signature)?;

if claim.verified_kyc {
require!(
Expand Down Expand Up @@ -299,18 +298,43 @@ impl Contract {
// - fn sbt_renew
}

mod sys {
extern "C" {
pub fn ed25519_verify(
sig_len: u64,
sig_ptr: u64,
msg_len: u64,
msg_ptr: u64,
pub_key_len: u64,
pub_key_ptr: u64,
) -> u64;
}
}

pub fn ed25519_verify(signature: &[u8; 64], message: &[u8], public_key: &[u8; 32]) -> bool {
unsafe {
sys::ed25519_verify(
signature.len() as _,
signature.as_ptr() as _,
message.len() as _,
message.as_ptr() as _,
public_key.len() as _,
public_key.as_ptr() as _,
) == 1
}
}

fn verify_claim(
pubkey: &[u8; PUBLIC_KEY_LENGTH],
claim: Vec<u8>,
claim_sig: Vec<u8>,
claim_sig: &[u8; 64],
) -> Result<(), CtrError> {
let pk = PublicKey::from_bytes(pubkey).unwrap();
let sig = match Signature::from_bytes(&claim_sig) {
Ok(sig) => sig,
Err(_) => return Err(CtrError::Signature("malformed signature".to_string())),
};
pk.verify(&claim, &sig)
.map_err(|_| CtrError::Signature("invalid signature".to_string()))
let valid = ed25519_verify(claim_sig, &claim, pubkey);
if !valid {
return Err(CtrError::Signature("invalid signature".to_string()))
} else {
Ok(())
}
}

#[near_bindgen]
Expand Down Expand Up @@ -561,8 +585,8 @@ mod tests {
let claim_sig_b64 = "38X2TnWgc6moc4zReAJFQ7BjtOUlWZ+i3YQl9gSMOXwnm5gupfHV/YGmGPOek6SSkotT586d4zTTT2U8Qh3GBw==".to_owned();

let claim_bytes = b64_decode("claim_b64", claim_b64.clone()).unwrap();
let sig = b64_decode("claim_sig", claim_sig_b64.clone()).unwrap();
verify_claim(&ctr.authority_pubkey, claim_bytes, sig).unwrap();
let sig = sig_from_b64(claim_sig_b64.clone());
verify_claim(&ctr.authority_pubkey, claim_bytes, &sig).unwrap();

let r = ctr.sbt_mint(claim_b64, claim_sig_b64, None);
match r {
Expand Down Expand Up @@ -647,7 +671,7 @@ mod tests {
let res = verify_claim(
&k.public.to_bytes(),
claim_bytes,
b64_decode("sig", sig).unwrap(),
&sig_from_b64(sig),
);
assert!(res.is_ok(), "verification result: {:?}", res);
}
Expand Down Expand Up @@ -688,13 +712,13 @@ mod tests {
assert_eq!(c, claim2, "serialization should work");
}

#[allow(dead_code)]
// #[test]
fn sig_deserialization_check() {
let sig_b64 =
"o8MGudK9OrdNKVCMhjF7rEv9LangB+PdjxuQ0kgglCskZX7Al4JPrwf7tRlT252kiNpJaGPURgAvAA==";
let sig_bz = b64_decode("sig", sig_b64.to_string()).unwrap();
println!("sig len: {}", sig_bz.len());
Signature::from_bytes(&sig_bz).unwrap();
}
// #[allow(dead_code)]
// // #[test]
// fn sig_deserialization_check() {
// let sig_b64 =
// "o8MGudK9OrdNKVCMhjF7rEv9LangB+PdjxuQ0kgglCskZX7Al4JPrwf7tRlT252kiNpJaGPURgAvAA==";
// let sig_bz = b64_decode("sig", sig_b64.to_string()).unwrap();
// println!("sig len: {}", sig_bz.len());
// Signature::from_bytes(&sig_bz).unwrap();
// }
}
amityadav0 marked this conversation as resolved.
Show resolved Hide resolved
5 changes: 5 additions & 0 deletions contracts/oracle/src/util.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,11 @@ pub fn pubkey_from_b64(pubkey: String) -> [u8; PUBLIC_KEY_LENGTH] {
pk_bz.try_into().expect("authority pubkey must be 32 bytes")
}

pub fn sig_from_b64(sig: String) -> [u8; 64] {
let sig_bz = base64::decode(sig).expect("signature is not a valid standard base64");
amityadav0 marked this conversation as resolved.
Show resolved Hide resolved
sig_bz.try_into().expect("signature must be 64 bytes")
}

/// only root accounts and implicit accounts are supported
pub(crate) fn is_supported_account(account: Chars) -> bool {
let mut num_dots = 0;
Expand Down
Loading