From dfb97e55d23e6225347383b562477e494a9bf20d Mon Sep 17 00:00:00 2001
From: Morgan Kuphal <87319522+KuphJr@users.noreply.github.com>
Date: Mon, 9 Oct 2023 14:58:00 -0500
Subject: [PATCH] remove request signatures (#10864)
---
 core/services/functions/listener.go | 9 ----
 core/services/functions/listener_test.go | 32 ------------
 core/services/functions/request.go | 62 +++---------------------
 3 files changed, 7 insertions(+), 96 deletions(-)
diff --git a/core/services/functions/listener.go b/core/services/functions/listener.go
index 084d1530a76..b07a4f302f3 100644
--- a/core/services/functions/listener.go
+++ b/core/services/functions/listener.go
@@ -490,15 +490,6 @@ func (l *FunctionsListener) handleRequest(ctx context.Context, requestID Request
 requestIDStr := formatRequestId(requestID)
 l.logger.Infow("processing request", "requestID", requestIDStr)
- if l.pluginConfig.ContractVersion == 1 && l.pluginConfig.EnableRequestSignatureCheck {
- err := VerifyRequestSignature(subscriptionOwner, requestData)
- if err != nil {
- l.logger.Errorw("invalid request signature", "requestID", requestIDStr, "err", err)
- l.setError(ctx, requestID, USER_ERROR, []byte(err.Error()))
- return
- }
- }
-
 eaClient, err := l.bridgeAccessor.NewExternalAdapterClient()
 if err != nil {
 l.logger.Errorw("failed to create ExternalAdapterClient", "requestID", requestIDStr, "err", err)
diff --git a/core/services/functions/listener_test.go b/core/services/functions/listener_test.go
index 2bcf2542638..6e2d2bc9f6a 100644
--- a/core/services/functions/listener_test.go
+++ b/core/services/functions/listener_test.go
@@ -1,7 +1,6 @@
 package functions_test
 import (
- "encoding/hex"
 "encoding/json"
 "fmt"
 "math/big"
@@ -19,7 +18,6 @@ import (
 decryptionPlugin "github.com/smartcontractkit/tdh2/go/ocr2/decryptionplugin"
- cl_cbor "github.com/smartcontractkit/chainlink/v2/core/cbor"
 log_mocks "github.com/smartcontractkit/chainlink/v2/core/chains/evm/log/mocks"
 "github.com/smartcontractkit/chainlink/v2/core/gethwrappers/functions/generated/ocr2dr_oracle"
 "github.com/smartcontractkit/chainlink/v2/core/internal/cltest"
@@ -469,36 +467,6 @@ func TestFunctionsListener_PruneRequests(t *testing.T) {
 uni.service.Close()
 }
-func TestFunctionsListener_RequestSignatureVerification(t *testing.T) {
- testutils.SkipShortDB(t)
- t.Parallel()
-
- cborBytes, err := hex.DecodeString(SignedCBORRequestHex)
- require.NoError(t, err)
-
- var requestData functions_service.RequestData
- err = cl_cbor.ParseDietCBORToStruct(cborBytes, &requestData)
- require.NoError(t, err)
-
- err = functions_service.VerifyRequestSignature(SubOwnerAddr, &requestData)
- assert.NoError(t, err)
-}
-
-func TestFunctionsListener_RequestSignatureVerificationFailure(t *testing.T) {
- testutils.SkipShortDB(t)
- t.Parallel()
-
- cborBytes, err := hex.DecodeString(SignedCBORRequestHex)
- require.NoError(t, err)
-
- var requestData functions_service.RequestData
- err = cl_cbor.ParseDietCBORToStruct(cborBytes, &requestData)
- require.NoError(t, err)
-
- err = functions_service.VerifyRequestSignature(NonSubOwnerAddr, &requestData)
- assert.EqualError(t, err, "invalid request signature: signer's address does not match subscription owner")
-}
-
 func getFlags(requestSizeTier int, secretSizeTier int) [32]byte {
 var flags [32]byte
 flags[1] = byte(requestSizeTier)
diff --git a/core/services/functions/request.go b/core/services/functions/request.go
index a6715e0a87f..1a1d16a51dc 100644
--- a/core/services/functions/request.go
+++ b/core/services/functions/request.go
@@ -1,14 +1,5 @@
 package functions
-import (
- "encoding/json"
-
- "github.com/ethereum/go-ethereum/common"
- "github.com/pkg/errors"
-
- "github.com/smartcontractkit/chainlink/v2/core/utils"
-)
-
 const (
 LocationInline = 0
 LocationRemote = 1
@@ -19,14 +10,13 @@ const (
 type RequestFlags [32]byte
 type RequestData struct {
- Source string `json:"source" cbor:"source"`
- Language int `json:"language" cbor:"language"`
- CodeLocation int `json:"codeLocation" cbor:"codeLocation"`
- Secrets []byte `json:"secrets" cbor:"secrets"`
- SecretsLocation int `json:"secretsLocation" cbor:"secretsLocation"`
- RequestSignature []byte `json:"requestSignature,omitempty" cbor:"requestSignature"`
- Args []string `json:"args,omitempty" cbor:"args"`
- BytesArgs [][]byte `json:"bytesArgs,omitempty" cbor:"bytesArgs"`
+ Source string `json:"source" cbor:"source"`
+ Language int `json:"language" cbor:"language"`
+ CodeLocation int `json:"codeLocation" cbor:"codeLocation"`
+ Secrets []byte `json:"secrets" cbor:"secrets"`
+ SecretsLocation int `json:"secretsLocation" cbor:"secretsLocation"`
+ Args []string `json:"args,omitempty" cbor:"args"`
+ BytesArgs [][]byte `json:"bytesArgs,omitempty" cbor:"bytesArgs"`
 }
 type DONHostedSecrets struct {
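Review bot: Removing `RequestSignature` from `RequestData` in this hunk leaves leftovers that can mislead: the `EnableRequestSignatureCheck` option that listener.go stops reading is not touched by any of the three files in the diffstat, and `SignedRequestData` stays in request.go although its only visible user, `VerifyRequestSignature`, is deleted. If the option still exists in the plugin config (defined outside this patch), an operator who sets it gets no subscription-owner check and no warning, so the setting fails open silently; removing or deprecating it in the same change, or logging when it is set, would make that explicit. On the struct I would add `// RequestData carries no signature; requests are not authenticated against the subscription owner at this layer.` Whether the CBOR decoder accepts a payload that still carries a `requestSignature` key is not visible here and deserves a test.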
@@ -41,41 +31,3 @@ type SignedRequestData struct {
 SecretsLocation int `json:"secretsLocation" cbor:"secretsLocation"`
 Source string `json:"source" cbor:"source"`
 }
-
-// The request signature should sign the keccak256 hash of the following JSON string (without extra whitespace)
-// with the corresponding Request fields in the order that they appear below:
-// {
-// "codeLocation": number, (0 for Location.Inline)
-// "language": number, (0 for CodeLanguage.JavaScript)
-// "secrets": string, (encryptedSecretsReference as base64 string, must be `null` if there are no secrets)
-// "secretsLocation": number, (must be `null` if there are no secrets) (1 for Location.Remote, 2 for Location.DONHosted)
-// "source": string,
-// }
-
-func VerifyRequestSignature(subscriptionOwner common.Address, requestData *RequestData) error {
- if requestData.RequestSignature == nil {
- return errors.New("missing signature")
- }
- signedRequestData := SignedRequestData{
- CodeLocation: requestData.CodeLocation,
- Language: requestData.Language,
- Secrets: requestData.Secrets,
- SecretsLocation: requestData.SecretsLocation,
- Source: requestData.Source,
- }
- js, err := json.Marshal(signedRequestData)
- if err != nil {
- return errors.New("unable to marshal request data")
- }
-
- signerAddr, err := utils.GetSignersEthAddress(js, requestData.RequestSignature)
- if err != nil {
- return errors.New("invalid request signature: unable to recover signer's address")
- }
-
- if signerAddr != subscriptionOwner {
- return errors.New("invalid request signature: signer's address does not match subscription owner")
- }
-
- return nil
-}