Improve EIP-7702 tests with web3 v7

Author: apaillier-ledger

client/src/ledger_app_clients/ethereum/client.py

@@ -213,13 +213,10 @@ def eip712_filtering_trusted_name(self,
     def eip712_filtering_raw(self, name: str, sig: bytes, discarded: bool):
         return self._exchange_async(self._cmd_builder.eip712_filtering_raw(name, sig, discarded))
 
-    def serialize_tx(self, tx_params: dict, tx_raw: Optional[bytes] = None) -> tuple[bytes, bytes]:
+    def serialize_tx(self, tx_params: dict) -> tuple[bytes, bytes]:
         """Computes the serialized TX and its hash"""
 
-        if tx_raw is not None:
-            tx = tx_raw
-        else:
-            tx = Web3().eth.account.create().sign_transaction(tx_params).raw_transaction
+        tx = Web3().eth.account.create().sign_transaction(tx_params).raw_transaction
         prefix = bytes()
         suffix = []
         if tx[0] in [0x01, 0x02, 0x04]:
@@ -228,20 +225,16 @@ def serialize_tx(self, tx_params: dict, tx_raw: Optional[bytes] = None) -> tuple
         else:  # legacy
             if "chainId" in tx_params:
                 suffix = [int(tx_params["chainId"]), bytes(), bytes()]
-        if tx_raw is None:
-            decoded_tx = rlp.decode(tx)[:-3]  # remove already computed signature
-        else:
-            decoded_tx = rlp.decode(tx)
+        decoded_tx = rlp.decode(tx)[:-3]  # remove already computed signature
         encoded_tx = prefix + rlp.encode(decoded_tx + suffix)
         tx_hash = keccak(encoded_tx)
         return encoded_tx, tx_hash
 
     def sign(self,
              bip32_path: str,
              tx_params: dict,
-             tx_raw: Optional[bytes] = None,  # Introduced for 7702 until web3.py supports authorization lists
              mode: SignMode = SignMode.BASIC):
-        tx, _ = self.serialize_tx(tx_params, tx_raw)
+        tx, _ = self.serialize_tx(tx_params)
         chunks = self._cmd_builder.sign(bip32_path, tx, mode)
         for chunk in chunks[:-1]:
             self._exchange(chunk)

client/src/ledger_app_clients/ethereum/utils.py

@@ -1,6 +1,8 @@
-from typing import Optional
 from eth_account import Account
 from eth_account.messages import encode_defunct, encode_typed_data
+from eth_account.datastructures import SignedSetCodeAuthorization
+from eth_account.typed_transactions.set_code_transaction import Authorization
+from eth_keys.datatypes import Signature
 import rlp
 
 
@@ -18,11 +20,8 @@ def recover_message(msg, vrs: tuple[int, int, int]) -> bytes:
     return bytes.fromhex(addr[2:])
 
 
-def recover_transaction(tx_params, vrs: tuple[int, int, int], raw_tx_param: Optional[bytes] = None) -> bytes:
-    if raw_tx_param is None:
-        raw_tx = Account.create().sign_transaction(tx_params).raw_transaction
-    else:
-        raw_tx = raw_tx_param
+def recover_transaction(tx_params, vrs: tuple[int, int, int]) -> bytes:
+    raw_tx = Account.create().sign_transaction(tx_params).raw_transaction
     prefix = bytes()
     if raw_tx[0] in [0x01, 0x02, 0x04]:
         prefix = raw_tx[:1]
@@ -53,9 +52,30 @@ def recover_transaction(tx_params, vrs: tuple[int, int, int], raw_tx_param: Opti
             # Pre EIP-155 TX
             assert False
     decoded = rlp.decode(raw_tx)
-    if raw_tx_param is None:
-        reencoded = rlp.encode(decoded[:-3] + list(vrs))
-    else:
-        reencoded = rlp.encode(decoded + list(vrs))
+    reencoded = rlp.encode(decoded[:-3] + list(vrs))
     addr = Account.recover_transaction(prefix + reencoded)
     return bytes.fromhex(addr[2:])
+
+
+# Code inspired by :
+# https://github.com/ethereum/eth-account/blob/a1ba20c9a112d3534ac3296f21f51e2f5127bf9b/eth_account/account.py#L1057
+def get_authorization_obj(chain_id: int,
+                          nonce: int,
+                          address: bytes,
+                          vrs: tuple[int, int, int]) -> SignedSetCodeAuthorization:
+    unsigned_authorization = Authorization(chain_id, address, nonce)
+    sig = Signature(vrs=vrs)
+    return SignedSetCodeAuthorization(
+        chain_id=chain_id,
+        address=address,
+        nonce=nonce,
+        y_parity=sig.v,
+        r=sig.r,
+        s=sig.s,
+        signature=sig,
+        authorization_hash=unsigned_authorization.hash(),
+    )
+
+
+def recover_authorization(chain_id: int, nonce: int, address: bytes, vrs: tuple[int, int, int]) -> bytes:
+    return get_authorization_obj(chain_id, nonce, address, vrs).authority

tests/ragger/test_eip7702.py

@@ -1,5 +1,6 @@
 import pytest
 
+from typing import Optional
 from ragger.error import ExceptionRAPDU
 from ragger.backend import BackendInterface
 from ragger.firmware import Firmware
@@ -11,6 +12,8 @@
 import client.response_parser as ResponseParser
 from client.tx_auth_7702 import TxAuth7702
 
+from client.utils import recover_authorization
+
 BIP32_PATH = "m/44'/60'/0'/0/0"
 TEST_ADDRESS_0 = bytes.fromhex("00" * 20)
 TEST_ADDRESS_1 = bytes.fromhex("01" * 20)
@@ -24,6 +27,8 @@
 NONCE = 1337
 NONCE_MAX = 0xFFFFFFFFFFFFFFFF
 
+DEVICE_ADDR: Optional[bytes] = None
+
 # Test vectors computed with
 # cast wallet sign-auth $ADDRESS --mnemonic $MNEMONIC --mnemonic-derivation-path "m/44'/60'/0'/0/0" --nonce $NONCE --chain $CHAINID
 # Decoded by https://codechain-io.github.io/rlp-debugger/
@@ -35,23 +40,25 @@ def common(firmware: Firmware,
            test_name: str,
            delegate: bytes,
            nonce: int,
-           chain_id: int,
-           v: int = None,
-           r: int = None,
-           s: int = None):
+           chain_id: int):
 
+    global DEVICE_ADDR
     app_client = EthAppClient(backend)
 
     if firmware.is_nano:
         end_text = "Accept"
     else:
         end_text = ".*Sign.*"
 
+    if DEVICE_ADDR is None:
+        with app_client.get_public_addr(bip32_path=BIP32_PATH, display=False):
+            pass
+        _, DEVICE_ADDR, _ = ResponseParser.pk_addr(app_client.response().data)
     auth_params = TxAuth7702(delegate, nonce, chain_id)
     with app_client.sign_eip7702_authorization(BIP32_PATH, auth_params):
         scenario.review_approve(test_name=test_name, custom_screen_text=end_text)
     vrs = ResponseParser.signature(app_client.response().data)
-    assert vrs == (v, r, s)
+    assert recover_authorization(chain_id, nonce, delegate, vrs) == DEVICE_ADDR
 
 
 def common_rejected(firmware: Firmware,
@@ -95,10 +102,7 @@ def test_eip7702_in_whitelist(firmware: Firmware,
            test_name,
            TEST_ADDRESS_1,
            NONCE,
-           CHAIN_ID_1,
-           0x00,
-           0xf82e50a755fa989f4bb9b36b15afb4424ce9cda69752fd17a7eb14737d963e62,
-           0x07c9c91d6140b45ea52f29de7a5effb9dd340607a26e225c40278e91c4054492)
+           CHAIN_ID_1)
 
 
 def test_eip7702_in_whitelist_all_chain_whitelisted(firmware: Firmware,
@@ -114,10 +118,7 @@ def test_eip7702_in_whitelist_all_chain_whitelisted(firmware: Firmware,
            test_name,
            TEST_ADDRESS_0,
            NONCE,
-           CHAIN_ID_2,
-           0x00,
-           0x0378f7ac482ec728b65d19d03943bbb3fe7307c72c646e7d2d0c11bee81eb2b9,
-           0x332266ec3ef996bf835c50a833006b4c80398d597d0e684619db4d51a384a38d)
+           CHAIN_ID_2)
 
 
 def test_eip7702_in_whitelist_all_chain_param(firmware: Firmware,
@@ -133,10 +134,7 @@ def test_eip7702_in_whitelist_all_chain_param(firmware: Firmware,
            test_name,
            TEST_ADDRESS_2,
            NONCE,
-           CHAIN_ID_0,
-           0x01,
-           0xa24f35cafc6b408ce32539d4bd89a67edd4d6303fc676dfddf93b98405b7ee5e,
-           0x159456babe656692959ca3d829ca269e8f82387c91e40a33633d190dda7a3c5c)
+           CHAIN_ID_0)
 
 
 def test_eip7702_in_whitelist_max(firmware: Firmware,
@@ -152,10 +150,7 @@ def test_eip7702_in_whitelist_max(firmware: Firmware,
            test_name,
            TEST_ADDRESS_MAX,
            NONCE_MAX,
-           CHAIN_ID_MAX,
-           0x00,
-           0xa07c680894498c21e80febb011ae5d62ede6645d77d7c902db065d5a082dd220,
-           0x6b5c62225cf65a6240c2583dacc1641c8d692ed3bd00473cc3e28fe1a4f52294)
+           CHAIN_ID_MAX)
 
 
 def test_eip7702_in_whitelist_wrong_chain(firmware: Firmware,

tests/ragger/test_sign.py

@@ -12,7 +12,7 @@
 from client.client import EthAppClient, StatusWord
 import client.response_parser as ResponseParser
 from client.settings import SettingID, settings_toggle
-from client.utils import recover_transaction
+from client.utils import recover_transaction, get_authorization_obj
 
 
 # Values used across all tests
@@ -38,13 +38,9 @@ def common(firmware: Firmware,
            scenario_navigator: NavigateWithScenario,
            default_screenshot_path: Path,
            tx_params: dict,
-           tx_raw: bytes = None,
            test_name: str = "",
            path: str = BIP32_PATH,
-           with_simu: bool = False,
-           v: bytes = None,
-           r: bytes = None,
-           s: bytes = None):
+           with_simu: bool = False):
     app_client = EthAppClient(backend)
 
     if tx_params["chainId"] == 3:
@@ -71,7 +67,7 @@ def common(firmware: Firmware,
         pass
     _, DEVICE_ADDR, _ = ResponseParser.pk_addr(app_client.response().data)
 
-    with app_client.sign(path, tx_params, tx_raw):
+    with app_client.sign(path, tx_params):
         if with_simu:
             navigator.navigate_and_compare(default_screenshot_path,
                                            f"{test_name}/warning",
@@ -85,17 +81,8 @@ def common(firmware: Firmware,
 
     # verify signature
     vrs = ResponseParser.signature(app_client.response().data)
-    if v is not None:  # temporary until web3.py supports 7702
-        print(vrs)
-        print(v)
-        print(r)
-        print(s)
-        assert v == vrs[0]
-        assert r == vrs[1]
-        assert s == vrs[2]
-    else:
-        addr = recover_transaction(tx_params, vrs, tx_raw)
-        assert addr == DEVICE_ADDR
+    addr = recover_transaction(tx_params, vrs)
+    assert addr == DEVICE_ADDR
 
 
 def common_reject(backend: BackendInterface,
@@ -376,19 +363,26 @@ def test_sign_eip_7702(firmware: Firmware,
     if firmware == Firmware.NANOS:
         pytest.skip("Not supported on LNS")
     tx_params = {
-        "chainId": 1
+        "chainId": 1,
+        "nonce": 1337,
+        "maxPriorityFeePerGas": 0x01,
+        "maxFeePerGas": 0x01,
+        "gas": 21000,
+        "to": bytes.fromhex("1212121212121212121212121212121212121212"),
+        "value": Web3.to_wei(0.01, "ether"),
+        "authorizationList": [
+            get_authorization_obj(0, 1337, bytes.fromhex("1212121212121212121212121212121212121212"), (
+                0x01,
+                0xa24f35cafc6b408ce32539d4bd89a67edd4d6303fc676dfddf93b98405b7ee5e,
+                0x159456babe656692959ca3d829ca269e8f82387c91e40a33633d190dda7a3c5c,
+            ))
+        ],
     }
-    tx_raw = bytes.fromhex("04f888018205390101825208941212121212121212121212121212121212121212872386f26fc1000080c0f85ef85c8094020202020202020202020202020202020202020282053901a0a24f35cafc6b408ce32539d4bd89a67edd4d6303fc676dfddf93b98405b7ee5ea0159456babe656692959ca3d829ca269e8f82387c91e40a33633d190dda7a3c5c")
     common(firmware,
            backend,
            navigator,
            scenario_navigator,
            default_screenshot_path,
            tx_params,
-           tx_raw,
            test_name=test_name,
-           path=BIP32_PATH,
-           with_simu=False,
-           v=0x01,
-           r=0x9800ce04ecb46aebde0fea80c66392255eb13c3b3597aeec222447f6e1bfcfaf,
-           s=0x787eb82581e1a51d8956f21a0ccd0b96d8de14b04c11de0b7dcb5e400219902b)
+           path=BIP32_PATH)