From 86ce1d2ba67b0611a8177fd57133680700302504 Mon Sep 17 00:00:00 2001 From: weichweich Date: Thu, 31 Aug 2023 09:52:35 +0200 Subject: [PATCH] remove wrapped signatures --- pallets/did/src/did_details.rs | 46 ------------------ .../src/associate_account_request.rs | 6 +-- pallets/pallet-did-lookup/src/lib.rs | 1 + pallets/pallet-did-lookup/src/signature.rs | 47 +++++++++++++++++++ support/src/signature.rs | 29 ------------ 5 files changed, 51 insertions(+), 78 deletions(-) create mode 100644 pallets/pallet-did-lookup/src/signature.rs diff --git a/pallets/did/src/did_details.rs b/pallets/did/src/did_details.rs index 579eda1787..2fb33b88da 100644 --- a/pallets/did/src/did_details.rs +++ b/pallets/did/src/did_details.rs @@ -24,7 +24,6 @@ use frame_support::{ RuntimeDebug, }; use kilt_support::{ - signature::{get_wrapped_payload, WrapType}, traits::StorageDepositCollector, Deposit, }; @@ -173,12 +172,6 @@ pub enum DidSignature { Sr25519(sr25519::Signature), /// An Ecdsa signature. Ecdsa(ecdsa::Signature), - /// A Ed25519 signature. - WrappedEd25519(ed25519::Signature), - /// A Sr25519 signature. - WrappedSr25519(sr25519::Signature), - /// An Ecdsa signature. - WrappedEcdsa(ecdsa::Signature), } impl From for DidSignature { 
@@ -266,45 +259,6 @@ impl, AccountId> DidVerifiableIdentifier for I { // secp256k1_ecdsa_recover_compressed Ok(DidVerificationKey::from(ecdsa::Public(recovered_pk))) } - DidSignature::WrappedEd25519(_) => { - // from_raw simply converts a byte array into a public key with no particular - // validations - let ed25519_did_key = DidVerificationKey::Ed25519(ed25519::Public::from_raw(*raw_public_key)); - let wrapped_payload = get_wrapped_payload(payload, WrapType::Substrate); - ed25519_did_key - .verify_signature(&wrapped_payload[..], signature) - .map(|_| ed25519_did_key) - } - DidSignature::WrappedSr25519(_) => { - let sr25519_did_key = DidVerificationKey::Sr25519(sr25519::Public::from_raw(*raw_public_key)); - let wrapped_payload = get_wrapped_payload(payload, WrapType::Substrate); - sr25519_did_key - .verify_signature(&wrapped_payload[..], signature) - .map(|_| sr25519_did_key) - } - DidSignature::WrappedEcdsa(_) => { - let ecdsa_signature: [u8; 65] = signature - .encode() - .try_into() - .map_err(|_| errors::SignatureError::InvalidData)?; - let wrapped_payload = get_wrapped_payload(payload, WrapType::Ethereum); - // ECDSA uses blake2-256 hashing algorithm for signatures, so we hash the given - // message to recover the public key. - let hashed_message = sp_io::hashing::blake2_256(&wrapped_payload[..]); - let recovered_pk: [u8; 33] = - sp_io::crypto::secp256k1_ecdsa_recover_compressed(&ecdsa_signature, &hashed_message) - .map_err(|_| errors::SignatureError::InvalidData)?; - let hashed_recovered_pk = sp_io::hashing::blake2_256(&recovered_pk); - // The hashed recovered public key must be equal to the AccountId32 value, which - // is the hashed key. - ensure!( - &hashed_recovered_pk == raw_public_key, - errors::SignatureError::InvalidData - ); - // Safe to reconstruct the public key using the recovered value from - // secp256k1_ecdsa_recover_compressed - Ok(DidVerificationKey::from(ecdsa::Public(recovered_pk))) - } } } } 
diff --git a/pallets/pallet-did-lookup/src/associate_account_request.rs b/pallets/pallet-did-lookup/src/associate_account_request.rs index 884eecb72b..04d03292eb 100644 --- a/pallets/pallet-did-lookup/src/associate_account_request.rs +++ b/pallets/pallet-did-lookup/src/associate_account_request.rs @@ -19,11 +19,11 @@ use crate::{ account::{AccountId20, EthereumSignature}, linkable_account::LinkableAccountId, + signature::get_wrapped_payload, }; use base58::ToBase58; use blake2::{Blake2b512, Digest}; -use kilt_support::signature::{WrapType, get_wrapped_payload}; use parity_scale_codec::{Decode, Encode, MaxEncodedLen}; use scale_info::{ prelude::{format, string::String}, @@ -47,11 +47,11 @@ impl AssociateAccountRequest { let encoded_payload = get_challenge(did_identifier, expiration).into_bytes(); match self { AssociateAccountRequest::Polkadot(acc, proof) => proof.verify( - &get_wrapped_payload(&encoded_payload[..], WrapType::Substrate)[..], + &get_wrapped_payload(&encoded_payload[..], crate::signature::WrapType::Substrate)[..], acc, ), AssociateAccountRequest::Ethereum(acc, proof) => proof.verify( - &get_wrapped_payload(&encoded_payload[..], WrapType::Ethereum)[..], + &get_wrapped_payload(&encoded_payload[..], crate::signature::WrapType::Ethereum)[..], acc, ), } diff --git a/pallets/pallet-did-lookup/src/lib.rs b/pallets/pallet-did-lookup/src/lib.rs index c2a5addd11..eb93e0ae91 100644 --- a/pallets/pallet-did-lookup/src/lib.rs +++ b/pallets/pallet-did-lookup/src/lib.rs @@ -31,6 +31,7 @@ pub mod linkable_account; pub mod migrations; mod connection_record; +mod signature; #[cfg(all(test, feature = "std"))] mod tests; diff --git a/pallets/pallet-did-lookup/src/signature.rs b/pallets/pallet-did-lookup/src/signature.rs new file mode 100644 index 0000000000..fd36b37855 --- /dev/null +++ b/pallets/pallet-did-lookup/src/signature.rs 
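Review bot: The two changed call sites in the `@@ -47,11 +47,11 @@` hunk spell out `crate::signature::WrapType::Substrate` and `crate::signature::WrapType::Ethereum` even though the same hunk set already imports `get_wrapped_payload` from `crate::signature`, which makes the two verify arms harder to read than the lines they replace. Import the enum next to the function, `signature::{get_wrapped_payload, WrapType},`, and keep the arms as `&get_wrapped_payload(&encoded_payload[..], WrapType::Substrate)[..]` and `&get_wrapped_payload(&encoded_payload[..], WrapType::Ethereum)[..]`, which restores the shape of the removed lines. The enclosing `verify` method starts outside the hunk, so I cannot see whether anything else in it still refers to the old `kilt_support` path.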
@@ -0,0 +1,47 @@
+// KILT Blockchain – https://botlabs.org
+// Copyright (C) 2019-2023 BOTLabs GmbH
+
+// The KILT Blockchain is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// The KILT Blockchain is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+// If you feel like getting in touch with us, you can do so at info@botlabs.org
+
+use parity_scale_codec::alloc::string::ToString;
+use sp_std::vec::Vec;
+
+// According to https://github.com/polkadot-js/common/blob/5d5c7e4c0ace06e3301ccadfd3c3351955f1e251/packages/util/src/u8a/wrap.ts#L13
+const PAYLOAD_BYTES_WRAPPER_PREFIX: &[u8; 7] = b"";
+const PAYLOAD_BYTES_WRAPPER_POSTFIX: &[u8; 8] = b"";
+const ETHEREUM_SIGNATURE_PREFIX: &[u8; 26] = b"\x19Ethereum Signed Message:\n";
+pub(crate) enum WrapType {
+ Substrate,
+ Ethereum,
+}
+
+pub(crate) fn get_wrapped_payload(payload: &[u8], wrap_type: WrapType) -> Vec {
+ match wrap_type {
+ WrapType::Substrate => PAYLOAD_BYTES_WRAPPER_PREFIX
+ .iter()
+ .chain(payload.iter())
+ .chain(PAYLOAD_BYTES_WRAPPER_POSTFIX.iter())
+ .copied()
+ .collect(),
+ WrapType::Ethereum => ETHEREUM_SIGNATURE_PREFIX
+ .iter()
+ // eth wrapping also contains the length of the payload
+ .chain(payload.len().to_string().as_bytes().iter())
+ .chain(payload.iter())
+ .copied()
+ .collect(),
+ }
+}
diff --git a/support/src/signature.rs b/support/src/signature.rs
index e76b448611..bb85329a30 100644
--- a/support/src/signature.rs
+++ b/support/src/signature.rs
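Review bot: The two Substrate wrapper constants are typed `&[u8; 7]` and `&[u8; 8]` but their literals read as empty `b""` in this hunk, which cannot type-check as written; this looks like the page rendering stripping angle-bracketed text (the `<Bytes>`/`</Bytes>` tags polkadot-js's `u8aWrapBytes` adds, and likewise the missing type argument on `-> Vec {`), so please confirm the committed file carries the tags and `Vec<u8>` rather than what is shown here. Now that the `kilt_support` copy is deleted this is the only wrapping logic left, yet `WrapType` and `get_wrapped_payload` have no doc comments; I would state the contract on the function: `Substrate` reproduces polkadot-js's byte wrapping (`<Bytes>` + payload + `</Bytes>`), `Ethereum` reproduces the EIP-191 `personal_sign` framing (prefix, decimal payload length, payload), and a verifier must check the signature against the returned bytes, never against the raw payload. If I read the referenced wrap.ts correctly, polkadot-js skips wrapping when the input already carries the tags, whereas this function always wraps, so a note such as `// NOTE: callers must pass the unwrapped payload; already-wrapped input is wrapped again here` would keep future callers from producing unverifiable signatures. A small unit test pinning `get_wrapped_payload(b"abc", WrapType::Ethereum)` to `b"\x19Ethereum Signed Message:\n3abc"` would lock the framing in place.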
@@ -17,9 +17,7 @@ // If you feel like getting in touch with us, you can do so at info@botlabs.org use frame_support::dispatch::Weight; -use parity_scale_codec::alloc::string::ToString; use scale_info::TypeInfo; -use sp_std::vec::Vec; #[cfg(any(test, feature = "mock", feature = "runtime-benchmarks"))] use sp_std::marker::PhantomData; @@ -110,30 +108,3 @@ where Weight::zero() } } - -// According to https://github.com/polkadot-js/common/blob/5d5c7e4c0ace06e3301ccadfd3c3351955f1e251/packages/util/src/u8a/wrap.ts#L13 -const PAYLOAD_BYTES_WRAPPER_PREFIX: &[u8; 7] = b""; -const PAYLOAD_BYTES_WRAPPER_POSTFIX: &[u8; 8] = b""; -const ETHEREUM_SIGNATURE_PREFIX: &[u8; 26] = b"\x19Ethereum Signed Message:\n"; -pub enum WrapType { - Substrate, - Ethereum, -} - -pub fn get_wrapped_payload(payload: &[u8], wrap_type: WrapType) -> Vec { - match wrap_type { - WrapType::Substrate => PAYLOAD_BYTES_WRAPPER_PREFIX - .iter() - .chain(payload.iter()) - .chain(PAYLOAD_BYTES_WRAPPER_POSTFIX.iter()) - .copied() - .collect(), - WrapType::Ethereum => ETHEREUM_SIGNATURE_PREFIX - .iter() - // eth wrapping also contains the length of the payload - .chain(payload.len().to_string().as_bytes().iter()) - .chain(payload.iter()) - .copied() - .collect(), - } -}