remove request signatures (#10864)
KuphJr authored Oct 9, 2023
1 parent a40a6a8 commit dfb97e5
Showing 3 changed files with 7 additions and 96 deletions.
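--- a/core/services/functions/listener.go
+++ b/core/services/functions/listener.go
@@ -490,15 +490,6 @@ func (l *FunctionsListener) handleRequest(ctx context.Context, requestID Request
 requestIDStr := formatRequestId(requestID)
 l.logger.Infow("processing request", "requestID", requestIDStr)
 
-if l.pluginConfig.ContractVersion == 1 && l.pluginConfig.EnableRequestSignatureCheck {
-err := VerifyRequestSignature(subscriptionOwner, requestData)
-if err != nil {
-l.logger.Errorw("invalid request signature", "requestID", requestIDStr, "err", err)
-l.setError(ctx, requestID, USER_ERROR, []byte(err.Error()))
-return
-}
-}
-
 eaClient, err := l.bridgeAccessor.NewExternalAdapterClient()
 if err != nil {
 l.logger.Errorw("failed to create ExternalAdapterClient", "requestID", requestIDStr, "err", err)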
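--- a/core/services/functions/listener_test.go
+++ b/core/services/functions/listener_test.go
@@ -1,7 +1,6 @@
 package functions_test
 
 import (
-"encoding/hex"
 "encoding/json"
 "fmt"
 "math/big"
@@ -19,7 +18,6 @@ import (
 
 decryptionPlugin "github.com/smartcontractkit/tdh2/go/ocr2/decryptionplugin"
 
-cl_cbor "github.com/smartcontractkit/chainlink/v2/core/cbor"
 log_mocks "github.com/smartcontractkit/chainlink/v2/core/chains/evm/log/mocks"
 "github.com/smartcontractkit/chainlink/v2/core/gethwrappers/functions/generated/ocr2dr_oracle"
 "github.com/smartcontractkit/chainlink/v2/core/internal/cltest"
@@ -469,36 +467,6 @@ func TestFunctionsListener_PruneRequests(t *testing.T) {
 uni.service.Close()
 }
 
-func TestFunctionsListener_RequestSignatureVerification(t *testing.T) {
-testutils.SkipShortDB(t)
-t.Parallel()
-
-cborBytes, err := hex.DecodeString(SignedCBORRequestHex)
-require.NoError(t, err)
-
-var requestData functions_service.RequestData
-err = cl_cbor.ParseDietCBORToStruct(cborBytes, &requestData)
-require.NoError(t, err)
-
-err = functions_service.VerifyRequestSignature(SubOwnerAddr, &requestData)
-assert.NoError(t, err)
-}
-
-func TestFunctionsListener_RequestSignatureVerificationFailure(t *testing.T) {
-testutils.SkipShortDB(t)
-t.Parallel()
-
-cborBytes, err := hex.DecodeString(SignedCBORRequestHex)
-require.NoError(t, err)
-
-var requestData functions_service.RequestData
-err = cl_cbor.ParseDietCBORToStruct(cborBytes, &requestData)
-require.NoError(t, err)
-
-err = functions_service.VerifyRequestSignature(NonSubOwnerAddr, &requestData)
-assert.EqualError(t, err, "invalid request signature: signer's address does not match subscription owner")
-}
-
 func getFlags(requestSizeTier int, secretSizeTier int) [32]byte {
 var flags [32]byte
 flags[1] = byte(requestSizeTier)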
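--- a/core/services/functions/request.go
+++ b/core/services/functions/request.go
@@ -1,14 +1,5 @@
 package functions
 
-import (
-"encoding/json"
-
-"github.com/ethereum/go-ethereum/common"
-"github.com/pkg/errors"
-
-"github.com/smartcontractkit/chainlink/v2/core/utils"
-)
-
 const (
 LocationInline = 0
 LocationRemote = 1
@@ -19,14 +10,13 @@ const (
 type RequestFlags [32]byte
 
 type RequestData struct {
-Source string `json:"source" cbor:"source"`
-Language int `json:"language" cbor:"language"`
-CodeLocation int `json:"codeLocation" cbor:"codeLocation"`
-Secrets []byte `json:"secrets" cbor:"secrets"`
-SecretsLocation int `json:"secretsLocation" cbor:"secretsLocation"`
-RequestSignature []byte `json:"requestSignature,omitempty" cbor:"requestSignature"`
-Args []string `json:"args,omitempty" cbor:"args"`
-BytesArgs [][]byte `json:"bytesArgs,omitempty" cbor:"bytesArgs"`
+Source string `json:"source" cbor:"source"`
+Language int `json:"language" cbor:"language"`
+CodeLocation int `json:"codeLocation" cbor:"codeLocation"`
+Secrets []byte `json:"secrets" cbor:"secrets"`
+SecretsLocation int `json:"secretsLocation" cbor:"secretsLocation"`
+Args []string `json:"args,omitempty" cbor:"args"`
+BytesArgs [][]byte `json:"bytesArgs,omitempty" cbor:"bytesArgs"`
 }
 
 type DONHostedSecrets struct {
@@ -41,41 +31,3 @@ type SignedRequestData struct {
 SecretsLocation int `json:"secretsLocation" cbor:"secretsLocation"`
 Source string `json:"source" cbor:"source"`
 }
-
-// The request signature should sign the keccak256 hash of the following JSON string (without extra whitespace)
-// with the corresponding Request fields in the order that they appear below:
-// {
-// "codeLocation": number, (0 for Location.Inline)
-// "language": number, (0 for CodeLanguage.JavaScript)
-// "secrets": string, (encryptedSecretsReference as base64 string, must be `null` if there are no secrets)
-// "secretsLocation": number, (must be `null` if there are no secrets) (1 for Location.Remote, 2 for Location.DONHosted)
-// "source": string,
-// }
-
-func VerifyRequestSignature(subscriptionOwner common.Address, requestData *RequestData) error {
-if requestData.RequestSignature == nil {
-return errors.New("missing signature")
-}
-signedRequestData := SignedRequestData{
-CodeLocation: requestData.CodeLocation,
-Language: requestData.Language,
-Secrets: requestData.Secrets,
-SecretsLocation: requestData.SecretsLocation,
-Source: requestData.Source,
-}
-js, err := json.Marshal(signedRequestData)
-if err != nil {
-return errors.New("unable to marshal request data")
-}
-
-signerAddr, err := utils.GetSignersEthAddress(js, requestData.RequestSignature)
-if err != nil {
-return errors.New("invalid request signature: unable to recover signer's address")
-}
-
-if signerAddr != subscriptionOwner {
-return errors.New("invalid request signature: signer's address does not match subscription owner")
-}
-
-return nil
-}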
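Review bot: `SignedRequestData` stays in request.go even though `VerifyRequestSignature`, its only user visible in this diff, is removed; if nothing else builds it, delete the type, otherwise add a comment such as `// SignedRequestData is the field subset that request signatures used to cover; the listener no longer verifies it.` The commit touches only three files, so `pluginConfig.EnableRequestSignatureCheck` presumably still exists and is now ignored by handleRequest in listener.go. An operator who has it set would assume the subscription-owner check still runs, so the option should be removed or rejected at config validation with a clear message. It is also worth confirming how the CBOR decoder treats a `requestSignature` key now that `RequestData` has no matching field, since clients may keep sending it.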
