Merge branch 'aip-61-adex-v5' into channel-list-filter-by-chain

Author: simzzz

Cargo.lock

@@ -20,7 +20,7 @@ primitives = { path = "../primitives" }
 
 # For Ethereum client
 web3 = { version = "0.18", features = ["http-tls", "signing"] }
-ethstore = { git = "https://github.com/openethereum/openethereum", tag = "v3.1.1-rc.1" }
+ethsign = "0.8"
 create2 = "0.0.2"
 
 # For Dummy client

adapter/Cargo.toml

@@ -16,7 +16,11 @@ pub trait Locked: Sync + Send {
     /// Get Adapter whoami
     fn whoami(&self) -> ValidatorId;
 
-    /// Verify, based on the signature & state_root, that the signer is the same
+    /// Verify, based on the `signature` & `state_root`, that the `signer` is the same.
+    ///
+    /// `signature` should be a `0x` prefixed hex string.
+    ///
+    /// `state_root` should be a hex string, with no `0x` prefix.
     fn verify(
         &self,
         signer: ValidatorId,

adapter/src/client.rs

@@ -1,9 +1,8 @@
 //! The [`Ethereum`] client for the [`Adapter`].
 
-use ethstore::{ethkey::Password, SafeAccount};
+use ethsign::{KeyFile, Protected, SecretKey, Signature};
 
 use once_cell::sync::Lazy;
-use serde_json::Value;
 use web3::signing::keccak256;
 
 use crate::{Adapter, LockedState, UnlockedState};
@@ -65,15 +64,67 @@ fn to_ethereum_signed(message: &[u8]) -> [u8; 32] {
     keccak256(&bytes)
 }
 
+/// Trait for encoding a signature into RSV array
+/// and V altered to be in "Electrum" notation, i.e. `v += 27`
+pub trait Electrum {
+    /// Encode the signature into RSV array (V altered to be in "Electrum" notation).
+    ///`{r}{s}{v}`
+    ///
+    ///
+    fn to_electrum(&self) -> [u8; 65];
+
+    /// Parse bytes as a signature encoded as RSV (V in "Electrum" notation).
+    /// `{r}{s}{v}`
+    ///
+    /// Will return `None` if given data has invalid length or
+    /// if `V` (byte 64) component is not in electrum notation (`< 27`)
+    fn from_electrum(data: &[u8]) -> Option<Self>
+    where
+        Self: Sized;
+}
+
+impl Electrum for Signature {
+    fn to_electrum(&self) -> [u8; 65] {
+        let mut electrum_array = [0_u8; 65];
+
+        // R
+        electrum_array[0..32].copy_from_slice(&self.r);
+        // S
+        electrum_array[32..64].copy_from_slice(&self.s);
+        // V altered to be in "Electrum" notation
+        electrum_array[64] = self.v + 27;
+
+        electrum_array
+    }
+
+    fn from_electrum(sig: &[u8]) -> Option<Self> {
+        if sig.len() != 65 || sig[64] < 27 {
+            return None;
+        }
+
+        let mut r = [0u8; 32];
+        r.copy_from_slice(&sig[0..32]);
+
+        let mut s = [0u8; 32];
+        s.copy_from_slice(&sig[32..64]);
+
+        let v = sig[64] - 27;
+
+        Some(Signature { v, r, s })
+    }
+}
+
 #[derive(Debug, Clone)]
 pub struct UnlockedWallet {
-    wallet: SafeAccount,
-    password: Password,
+    wallet: SecretKey,
 }
 
 #[derive(Debug, Clone)]
 pub enum LockedWallet {
-    KeyStore { keystore: Value, password: Password },
+    KeyStore {
+        keystore: KeyFile,
+        password: Protected,
+    },
     PrivateKey(String),
 }
 

adapter/src/ethereum.rs

@@ -7,20 +7,16 @@ use crate::{
 use async_trait::async_trait;
 use chrono::Utc;
 use create2::calc_addr;
-use ethstore::{
-    ethkey::{verify_address, Message, Signature},
-    SafeAccount,
-};
+use ethsign::{KeyFile, Signature};
 use primitives::{Address, BigNum, Chain, ChainId, ChainOf, Channel, Config, ValidatorId};
 
 use super::{
     channel::EthereumChannel,
     error::{Error, EwtSigningError, KeystoreError, VerifyError},
     ewt::{self, Payload},
-    to_ethereum_signed, LockedWallet, UnlockedWallet, WalletState, DEPOSITOR_BYTECODE_DECODED,
-    ERC20_ABI, IDENTITY_ABI, OUTPACE_ABI, SWEEPER_ABI,
+    to_ethereum_signed, Electrum, LockedWallet, UnlockedWallet, WalletState,
+    DEPOSITOR_BYTECODE_DECODED, ERC20_ABI, IDENTITY_ABI, OUTPACE_ABI, SWEEPER_ABI,
 };
-use serde_json::Value;
 use web3::{
     contract::{Contract, Options as ContractOptions},
     ethabi::{encode, Token},
@@ -80,22 +76,18 @@ impl Ethereum<LockedWallet> {
     pub fn init(opts: Options, config: &Config) -> Result<Self, Error> {
         let keystore_contents =
             fs::read_to_string(&opts.keystore_file).map_err(KeystoreError::ReadingFile)?;
-        let keystore_json: Value =
+        let keystore_json: KeyFile =
             serde_json::from_str(&keystore_contents).map_err(KeystoreError::Deserialization)?;
 
-        let address = {
-            let keystore_address = keystore_json
-                .get("address")
-                .and_then(|value| value.as_str())
-                .ok_or(KeystoreError::AddressMissing)?;
+        let address_bytes = keystore_json
+            .address
+            .clone()
+            .ok_or(KeystoreError::AddressMissing)?;
 
-            keystore_address
-                .parse()
-                .map_err(KeystoreError::AddressInvalid)
-        }?;
+        let address = Address::from_slice(&address_bytes.0).ok_or(KeystoreError::AddressLength)?;
 
         Ok(Self {
-            address,
+            address: ValidatorId::from(address),
             config: config.to_owned(),
             state: LockedWallet::KeyStore {
                 keystore: keystore_json,
@@ -160,16 +152,9 @@ impl Unlockable for Ethereum<LockedWallet> {
     fn unlock(&self) -> Result<Ethereum<UnlockedWallet>, <Self::Unlocked as Locked>::Error> {
         let unlocked_wallet = match &self.state {
             LockedWallet::KeyStore { keystore, password } => {
-                let json = serde_json::from_value(keystore.clone())
-                    .map_err(KeystoreError::Deserialization)?;
-
-                let wallet = SafeAccount::from_file(json, None, &Some(password.clone()))
-                    .map_err(|err| Error::WalletUnlock(err.to_string()))?;
+                let wallet = keystore.to_secret_key(password)?;
 
-                UnlockedWallet {
-                    wallet,
-                    password: password.clone(),
-                }
+                UnlockedWallet { wallet }
             }
             LockedWallet::PrivateKey(_priv_key) => todo!(),
         };
@@ -201,15 +186,19 @@ impl<S: WalletState> Locked for Ethereum<S> {
         }
         let decoded_signature =
             hex::decode(&signature[2..]).map_err(VerifyError::SignatureDecoding)?;
-        let address = ethstore::ethkey::Address::from(*signer.as_bytes());
-        let signature = Signature::from_electrum(&decoded_signature);
+
+        let signature =
+            Signature::from_electrum(&decoded_signature).ok_or(VerifyError::SignatureInvalid)?;
         let state_root = hex::decode(state_root).map_err(VerifyError::StateRootDecoding)?;
-        let message = Message::from(to_ethereum_signed(&state_root));
 
-        let verify_address = verify_address(&address, &signature, &message)
-            .map_err(VerifyError::PublicKeyRecovery)?;
+        let message = to_ethereum_signed(&state_root);
 
-        Ok(verify_address)
+        // recover the public key using the signature and the eth sign message
+        let public_key = signature
+            .recover(&message)
+            .map_err(|ec_err| VerifyError::PublicKeyRecovery(ec_err.to_string()))?;
+
+        Ok(public_key.address() == signer.as_bytes())
     }
 
     /// Creates a `Session` from a provided Token by calling the Contract.
@@ -358,16 +347,16 @@ impl<S: WalletState> Locked for Ethereum<S> {
 impl Unlocked for Ethereum<UnlockedWallet> {
     fn sign(&self, state_root: &str) -> Result<String, Error> {
         let state_root = hex::decode(state_root).map_err(VerifyError::StateRootDecoding)?;
-        let message = Message::from(to_ethereum_signed(&state_root));
+        let message = to_ethereum_signed(&state_root);
+
         let wallet_sign = self
             .state
             .wallet
-            .sign(&self.state.password, &message)
+            .sign(&message)
             // TODO: This is not entirely true, we do not sign an Ethereum Web Token but Outpace state_root
             .map_err(|err| EwtSigningError::SigningMessage(err.to_string()))?;
-        let signature: Signature = wallet_sign.into_electrum().into();
 
-        Ok(format!("0x{}", signature))
+        Ok(format!("0x{}", hex::encode(wallet_sign.to_electrum())))
     }
 
     fn get_auth(&self, for_chain: ChainId, intended_for: ValidatorId) -> Result<String, Error> {
@@ -380,8 +369,7 @@ impl Unlocked for Ethereum<UnlockedWallet> {
             chain_id: for_chain,
         };
 
-        let token = ewt::Token::sign(&self.state.wallet, &self.state.password, payload)
-            .map_err(Error::SignMessage)?;
+        let token = ewt::Token::sign(&self.state.wallet, payload).map_err(Error::SignMessage)?;
 
         Ok(token.to_string())
     }
@@ -395,15 +383,14 @@ mod test {
         ewt::{self, Payload},
         get_counterfactual_address,
         test_util::*,
-        to_ethereum_signed,
+        to_ethereum_signed, Electrum,
     };
 
     use crate::{
         prelude::*,
         primitives::{Deposit, Session},
     };
     use chrono::Utc;
-    use ethstore::ethkey::Message;
 
     use primitives::{
         channel::Nonce,
@@ -509,14 +496,13 @@ mod test {
 
             let signature_actual = {
                 let ethers_sign_message = to_ethereum_signed(&msg_hash_actual);
-                let message = Message::from(ethers_sign_message);
 
                 let mut signature = user_adapter
                     .state
                     .wallet
-                    .sign(&user_adapter.state.password, &message)
+                    .sign(&ethers_sign_message)
                     .expect("Should sign message")
-                    .into_electrum()
+                    .to_electrum()
                     .to_vec();
 
                 signature.extend(ETH_SIGN_SUFFIX.as_slice());
@@ -549,14 +535,13 @@ mod test {
 
             let signature_actual = {
                 let ethers_sign_message = to_ethereum_signed(&msg_hash_actual);
-                let message = Message::from(ethers_sign_message);
 
                 let mut signature = evil_adapter
                     .state
                     .wallet
-                    .sign(&evil_adapter.state.password, &message)
+                    .sign(&ethers_sign_message)
                     .expect("Should sign message")
-                    .into_electrum()
+                    .to_electrum()
                     .to_vec();
 
                 signature.extend(ETH_SIGN_SUFFIX.as_slice());
@@ -631,7 +616,7 @@ mod test {
             chain_id: ganache_chain.chain_id,
         };
 
-        let auth_token = ewt::Token::sign(&adapter.state.wallet, &adapter.state.password, payload)
+        let auth_token = ewt::Token::sign(&adapter.state.wallet, payload)
             .expect("Should sign successfully the Payload");
 
         let has_privileges = adapter
@@ -684,12 +669,8 @@ mod test {
             chain_id: ganache_chain.chain_id,
         };
 
-        let token = ewt::Token::sign(
-            &signer_adapter.state.wallet,
-            &signer_adapter.state.password,
-            payload,
-        )
-        .expect("Should sign successfully the Payload");
+        let token = ewt::Token::sign(&signer_adapter.state.wallet, payload)
+            .expect("Should sign successfully the Payload");
 
         // double check that we have privileges for _Who Am I_
         assert!(adapter

adapter/src/ethereum/client.rs

@@ -37,8 +37,7 @@ pub enum Error {
     #[error("Keystore: {0}")]
     Keystore(#[from] KeystoreError),
     #[error("Wallet unlocking: {0}")]
-    /// Since [`ethstore::Error`] is not [`Sync`] we must use a [`String`] instead.
-    WalletUnlock(String),
+    WalletUnlock(#[from] ethsign::Error),
     #[error("Web3: {0}")]
     Web3(#[from] web3::Error),
     /// When the ChannelId that we get from hashing the EthereumChannel with the contract address
@@ -82,13 +81,16 @@ pub enum Error {
 /// (signer, state_root, signature) **doesn't align**.
 pub enum VerifyError {
     #[error("Recovering the public key from the signature: {0}")]
-    PublicKeyRecovery(#[from] ethstore::ethkey::Error),
+    /// `secp256k1` error
+    PublicKeyRecovery(String),
     #[error("Decoding state root: {0}")]
     StateRootDecoding(#[source] hex::FromHexError),
     #[error("Decoding signature: {0}")]
     SignatureDecoding(#[source] hex::FromHexError),
     #[error("Signature is not prefixed with `0x`")]
     SignatureNotPrefixed,
+    #[error("Signature length or V component of the Signature was incorrect")]
+    SignatureInvalid,
 }
 
 #[derive(Debug, Error)]
@@ -97,8 +99,8 @@ pub enum KeystoreError {
     #[error("\"address\" key missing in keystore file")]
     AddressMissing,
     /// The `address` key in the keystore file is not a valid `ValidatorId`
-    #[error("\"address\" is invalid: {0}")]
-    AddressInvalid(#[source] primitives::address::Error),
+    #[error("\"address\" length should be 20 bytes")]
+    AddressLength,
     /// reading the keystore file failed
     #[error("Reading keystore file: {0}")]
     ReadingFile(#[source] std::io::Error),
@@ -113,7 +115,8 @@ pub enum EwtSigningError {
     HeaderSerialization(#[source] serde_json::Error),
     #[error("Payload serialization: {0}")]
     PayloadSerialization(#[source] serde_json::Error),
-    /// Since [`ethstore::Error`] is not [`Sync`] we must use a [`String`] instead.
+    /// we must use a [`String`] since [`ethsign`] does not export the error from
+    /// the `secp256k1` crate which is returned in the [`ethsign::SecretKey::sign()`] method.
     #[error("Signing message: {0}")]
     SigningMessage(String),
     #[error("Decoding hex of Signature: {0}")]
@@ -128,13 +131,15 @@ pub enum EwtVerifyError {
     InvalidTokenLength,
     #[error("The token does not comply to the format of header.payload.signature")]
     InvalidToken,
+    /// We use a `String` because [`ethsign::Signature::recover()`] returns `secp256k1` error
+    /// which is not exported in `ethsign`.
     #[error("Address recovery: {0}")]
-    AddressRecovery(#[from] ethstore::ethkey::Error),
+    AddressRecovery(String),
     #[error("Signature decoding: {0}")]
     SignatureDecoding(#[source] base64::DecodeError),
-    /// When token is decoded but creating a Signature results in empty Signature.
-    /// Signature is encoded as RSV (V in "Electrum" notation)
-    /// See [`Signature::from_electrum`]
+    /// If there is no suffix in the signature for the mode
+    /// or if Signature length is not 65 bytes
+    /// or if Signature V component is not in "Electrum" notation (`< 27`).
     #[error("Error when decoding token signature")]
     InvalidSignature,
     #[error("Payload decoding: {0}")]