Ziga/add personal sign authentication message #1811
Conversation
zkokelj
force-pushed
the
ziga/add_personal_sign_authentication_message
branch
from
7c02e15 to
1976388
Compare
zkokelj
force-pushed
the
ziga/add_personal_sign_authentication_message
branch
2 times, most recently
from
47cbbb3 to
2c1f41c
Compare
zkokelj
force-pushed
the
ziga/add_personal_sign_authentication_message
branch
from
f148e94 to
c2f85ed
Compare
go/common/viewingkey/viewing_key.go
Outdated
| var PersonalSignMessageSupportedVersions = []int{1} | ||
|
|
||
| // SignatureType is used to differentiate between different signature types (string is used, because int is not RLP-serializable) | ||
| type SignatureType string |
There was a problem hiding this comment.
you can make SignatureType an iota to avoid the conversions and minimize the data
There was a problem hiding this comment.
This was my initial approach, but having SignatureType of type int causes problems with RLP serialisation.
And errors like this:
Cause: rlp: type int is not RLP-serializable (struct field viewingkey.RPCSignedViewingKey.SignatureType) (struct field common.LogSubscription.ViewingKey)"}} component=test_log
I can change it to []byte to save some space. What do you think? Do you have some other ideas?
There was a problem hiding this comment.
what about int8 or one of the other int types?
There was a problem hiding this comment.
all int types fail with the same error unfortunately
go/common/viewingkey/viewing_key.go
Outdated
| @@ -245,8 +274,8 @@ func CheckSignatureAndReturnAccountAddress(hashBytes []byte, signature []byte) ( | |||
| return nil, fmt.Errorf("invalid signature") | |||
| } | |||
|
|
|||
| // CheckEIP712Signature checks if signature is valid for provided userID and chainID and return address or nil if not valid | |||
| func CheckEIP712Signature(userID string, signature []byte, chainID int64) (*gethcommon.Address, error) { | |||
| // checkEIP712Signature checks if signature is valid for provided userID and chainID and return address or nil if not valid | |||
There was a problem hiding this comment.
it would be nice if these functions each lived in their own type behind an interface
go/common/viewingkey/viewing_key.go
Outdated
| func CheckSignature(encryptionToken string, signature []byte, chainID int64, signatureType SignatureType) (*gethcommon.Address, error) { | ||
| if signatureType == PersonalSign { | ||
| return checkPersonalSignSignature(encryptionToken, signature, chainID) | ||
| } else if signatureType == EIP712Signature { |
There was a problem hiding this comment.
if these checks were each in their type, then you can have a map of registered signature handlers, and make this method much simpler
| func (o *TGLib) RegisterAccountPersonalSign(pk *ecdsa.PrivateKey, addr gethcommon.Address) error { | ||
| // create the registration message | ||
| personalSignMessage := viewingkey.GeneratePersonalSignMessage(string(o.userID), integration.TenChainID, 1) | ||
| prefixedMessage := fmt.Sprintf(viewingkey.PersonalSignMessagePrefix, len(personalSignMessage), personalSignMessage) |
There was a problem hiding this comment.
shouldn't this prefix logic be in the GeneratePersonalSignMessage function as well?
There was a problem hiding this comment.
Good point. Actually this prefixing can be removed by using accounts.TextHash from geth, which adds the prefix and hashes the message + keeping it without a prefix is better for the new endpoints (wallets like Metamask automatically adds this prefix to the message)
|
General comment / question. Is it critical if our system is vulnerable to the following (possible attack)? When users sign the message to authenticate them they have 3 options (legacy will be removed and I won't talk about it). |
If I understand the attack correctly, the user wants to read the data of an account they don't control. For this, they have to produce a signed message of one of the 2 formats that contains the target address in the right place and sign that with a key they control that somehow, when going through our recovery algorithm will produce the right values? |
go/common/viewingkey/viewing_key.go
Outdated
| var PersonalSignMessageSupportedVersions = []int{1} | ||
|
|
||
| // SignatureType is used to differentiate between different signature types (string is used, because int is not RLP-serializable) | ||
| type SignatureType string |
There was a problem hiding this comment.
what about int8 or one of the other int types?
go/common/viewingkey/viewing_key.go
Outdated
| SignatureType SignatureType | ||
| } | ||
|
|
||
| // SignatureChecker is an interface for checking if signature is valid for provided encryptionToken and chainID and return address or nil if not valid |
There was a problem hiding this comment.
return "signing address"
Why this change is needed
We want to use Rainbowkit (https://www.rainbowkit.com/) in the future and they don't support EIP-712 messages yet.
To use them we need to add personal sign message, because it is impossible to overwrite signer there.
In order to avoid confusion I also refactored and simplified parts of code for signature verification and introduced signatureType.
What changes were made as part of this PR
PR checks pre-merging
Please indicate below by ticking the checkbox that you have read and performed the required
PR checks