From ede6c33a189856a20cf6b82849a1ec48c2160253 Mon Sep 17 00:00:00 2001 From: Arnau B Date: Wed, 21 Oct 2020 16:40:31 +0200 Subject: [PATCH] Impl account creation auth endpoints --- api/api.go | 1 - api/api_test.go | 82 +++++++++++++++++++++++++++++++++- api/dbtoapistructs.go | 46 +++++++++++++++++++ api/handlers.go | 35 ++++++++++++++- api/parsers.go | 7 +++ api/swagger.yml | 34 ++++++++++---- common/accountcreationauths.go | 34 ++++++++++++++ db/l2db/l2db.go | 8 +++- test/l2db.go | 35 ++++++++++----- test/l2db_test.go | 15 +++++++ 10 files changed, 271 insertions(+), 26 deletions(-) create mode 100644 test/l2db_test.go diff --git a/api/api.go b/api/api.go index d610dc5..03e7fa6 100644 --- a/api/api.go +++ b/api/api.go @@ -11,7 +11,6 @@ import ( var h *historydb.HistoryDB var cg *configAPI - var s *statedb.StateDB var l2 *l2db.L2DB diff --git a/api/api_test.go b/api/api_test.go index 40ab77c..83ab7da 100644 --- a/api/api_test.go +++ b/api/api_test.go @@ -51,6 +51,7 @@ type testCommon struct { usrExits []exitAPI poolTxsToSend []receivedPoolTx poolTxsToReceive []sendPoolTx + auths []accountCreationAuthAPI router *swagger.Router } @@ -637,6 +638,15 @@ func TestMain(m *testing.M) { if err != nil { panic(err) } + // Account creation auth + const nAuths = 5 + auths := test.GenAuths(nAuths) + // Transform auths to API format + apiAuths := []accountCreationAuthAPI{} + for _, auth := range auths { + apiAuth := accountCreationAuthToAPI(auth) + apiAuths = append(apiAuths, *apiAuth) + } // Set testCommon tc = testCommon{ blocks: blocks, @@ -652,6 +662,7 @@ func TestMain(m *testing.M) { usrExits: usrExits, poolTxsToSend: poolTxsToSend, poolTxsToReceive: poolTxsToReceive, + auths: apiAuths, router: router, } // Fake server @@ -1325,6 +1336,69 @@ func TestGetCoordinators(t *testing.T) { err = doBadReq("GET", path, nil, 404) assert.NoError(t, err) } +func TestAccountCreationAuth(t *testing.T) { + // POST + endpoint := apiURL + "account-creation-authorization" + for _, auth := range tc.auths { + jsonAuthBytes, err := json.Marshal(auth) + assert.NoError(t, err) + jsonAuthReader := bytes.NewReader(jsonAuthBytes) + fmt.Println(string(jsonAuthBytes)) + assert.NoError( + t, doGoodReq( + "POST", + endpoint, + jsonAuthReader, nil, + ), + ) + } + // GET + endpoint += "/" + for _, auth := range tc.auths { + fetchedAuth := accountCreationAuthAPI{} + assert.NoError( + t, doGoodReq( + "GET", + endpoint+auth.EthAddr, + nil, &fetchedAuth, + ), + ) + assertAuth(t, auth, fetchedAuth) + } + // POST + // 400 + // Wrong addr + badAuth := tc.auths[0] + badAuth.EthAddr = ethAddrToHez(ethCommon.BigToAddress(big.NewInt(1))) + jsonAuthBytes, err := json.Marshal(badAuth) + assert.NoError(t, err) + jsonAuthReader := bytes.NewReader(jsonAuthBytes) + err = doBadReq("POST", endpoint, jsonAuthReader, 400) + assert.NoError(t, err) + // Wrong signature + badAuth = tc.auths[0] + badAuth.Signature = badAuth.Signature[:len(badAuth.Signature)-1] + badAuth.Signature += "F" + jsonAuthBytes, err = json.Marshal(badAuth) + assert.NoError(t, err) + jsonAuthReader = bytes.NewReader(jsonAuthBytes) + err = doBadReq("POST", endpoint, jsonAuthReader, 400) + assert.NoError(t, err) + // GET + // 400 + err = doBadReq("GET", endpoint+"hez:0xFooBar", nil, 400) + assert.NoError(t, err) + // 404 + err = doBadReq("GET", endpoint+"hez:0x0000000000000000000000000000000000000001", nil, 404) + assert.NoError(t, err) +} + +func assertAuth(t *testing.T, expected, actual accountCreationAuthAPI) { + // timestamp should be very close to now + assert.Less(t, time.Now().UTC().Unix()-3, actual.Timestamp.Unix()) + expected.Timestamp = actual.Timestamp + assert.Equal(t, expected, actual) +} func doGoodReqPaginated( path, order string, @@ -1393,7 +1467,7 @@ func doGoodReq(method, path string, reqBody io.Reader, returnStruct interface{}) if err != nil { return err } - if resp.Body == nil { + if resp.Body == nil && returnStruct != nil { return errors.New("Nil body") } //nolint @@ -1403,10 +1477,14 @@ func doGoodReq(method, path string, reqBody io.Reader, returnStruct interface{}) return err } if resp.StatusCode != 200 { - return fmt.Errorf("%d response: %s", resp.StatusCode, string(body)) + return fmt.Errorf("%d response. Body: %s", resp.StatusCode, string(body)) + } + if returnStruct == nil { + return nil } // Unmarshal body into return struct if err := json.Unmarshal(body, returnStruct); err != nil { + log.Error("invalid json: " + string(body)) return err } // Validate response against swagger spec diff --git a/api/dbtoapistructs.go b/api/dbtoapistructs.go index 5d550d4..b6b4b3b 100644 --- a/api/dbtoapistructs.go +++ b/api/dbtoapistructs.go @@ -2,10 +2,12 @@ package api import ( "encoding/base64" + "encoding/hex" "errors" "fmt" "math/big" "strconv" + "strings" "time" ethCommon "github.com/ethereum/go-ethereum/common" @@ -665,3 +667,47 @@ func coordinatorsToAPI(dbCoordinators []historydb.HistoryCoordinator) []coordina } return apiCoordinators } + +// AccountCreationAuth + +type accountCreationAuthAPI struct { + EthAddr string `json:"hezEthereumAddress" binding:"required"` + BJJ string `json:"bjj" binding:"required"` + Signature string `json:"signature" binding:"required"` + Timestamp time.Time `json:"timestamp"` +} + +func accountCreationAuthToAPI(dbAuth *common.AccountCreationAuth) *accountCreationAuthAPI { + return &accountCreationAuthAPI{ + EthAddr: ethAddrToHez(dbAuth.EthAddr), + BJJ: bjjToString(dbAuth.BJJ), + Signature: "0x" + hex.EncodeToString(dbAuth.Signature), + Timestamp: dbAuth.Timestamp, + } +} + +func accountCreationAuthAPIToCommon(apiAuth *accountCreationAuthAPI) (*common.AccountCreationAuth, error) { + ethAddr, err := hezStringToEthAddr(apiAuth.EthAddr, "hezEthereumAddress") + if err != nil { + return nil, err + } + bjj, err := hezStringToBJJ(apiAuth.BJJ, "bjj") + if err != nil { + return nil, err + } + without0x := strings.TrimPrefix(apiAuth.Signature, "0x") + s, err := hex.DecodeString(without0x) + if err != nil { + return nil, err + } + auth := &common.AccountCreationAuth{ + EthAddr: *ethAddr, + BJJ: bjj, + Signature: s, + Timestamp: apiAuth.Timestamp, + } + if !auth.VerifySignature() { + return nil, errors.New("invalid signature") + } + return auth, nil +} diff --git a/api/handlers.go b/api/handlers.go index e522623..f2da415 100644 --- a/api/handlers.go +++ b/api/handlers.go @@ -30,10 +30,43 @@ var ( ) func postAccountCreationAuth(c *gin.Context) { - + // Parse body + var apiAuth accountCreationAuthAPI + if err := c.ShouldBindJSON(&apiAuth); err != nil { + retBadReq(err, c) + return + } + // API to common + verify signature + dbAuth, err := accountCreationAuthAPIToCommon(&apiAuth) + if err != nil { + retBadReq(err, c) + return + } + // Insert to DB + if err := l2.AddAccountCreationAuth(dbAuth); err != nil { + retSQLErr(err, c) + return + } + // Return OK + c.Status(http.StatusOK) } func getAccountCreationAuth(c *gin.Context) { + // Get hezEthereumAddress + addr, err := parseParamHezEthAddr(c) + if err != nil { + retBadReq(err, c) + return + } + // Fetch auth from l2DB + dbAuth, err := l2.GetAccountCreationAuth(*addr) + if err != nil { + retSQLErr(err, c) + return + } + apiAuth := accountCreationAuthToAPI(dbAuth) + // Build succesfull response + c.JSON(http.StatusOK, apiAuth) } func postPoolTx(c *gin.Context) { diff --git a/api/parsers.go b/api/parsers.go index 821f815..8d5beed 100644 --- a/api/parsers.go +++ b/api/parsers.go @@ -310,6 +310,7 @@ func hezStringToBJJ(bjjStr, name string) (*babyjub.PublicKey, error) { } return bjj, nil } + func parseEthAddr(c paramer, name string) (*ethCommon.Address, error) { addrStr := c.Param(name) if addrStr == "" { @@ -319,3 +320,9 @@ func parseEthAddr(c paramer, name string) (*ethCommon.Address, error) { err := addr.UnmarshalText([]byte(addrStr)) return &addr, err } + +func parseParamHezEthAddr(c paramer) (*ethCommon.Address, error) { + const name = "hermezEthereumAddress" + addrStr := c.Param(name) + return hezStringToEthAddr(addrStr, name) +} diff --git a/api/swagger.yml b/api/swagger.yml index ffa7474..23ec8f5 100644 --- a/api/swagger.yml +++ b/api/swagger.yml @@ -76,7 +76,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/AccountCreationAuthorization' + $ref: '#/components/schemas/AccountCreationAuthorizationPost' responses: '200': description: Successful operation. @@ -1251,7 +1251,7 @@ components: $ref: '#/components/schemas/Nonce' signature: allOf: - - $ref: '#/components/schemas/Signature' + - $ref: '#/components/schemas/BJJSignature' - description: Signature of the transaction. More info [here](https://idocs.hermez.io/#/spec/zkrollup/README?id=l2a-idl2). - example: "72024a43f546b0e1d9d5d7c4c30c259102a9726363adcc4ec7b6aea686bcb5116f485c5542d27c4092ae0ceaf38e3bb44417639bd2070a58ba1aa1aab9d92c03" requestFromAccountIndex: @@ -1346,7 +1346,7 @@ components: $ref: '#/components/schemas/PoolL2TransactionState' signature: allOf: - - $ref: '#/components/schemas/Signature' + - $ref: '#/components/schemas/BJJSignature' - description: Signature of the transaction. More info [here](https://idocs.hermez.io/#/spec/zkrollup/README?id=l2a-idl2). - example: "72024a43f546b0e1d9d5d7c4c30c259102a9726363adcc4ec7b6aea686bcb5116f485c5542d27c4092ae0ceaf38e3bb44417639bd2070a58ba1aa1aab9d92c03" timestamp: @@ -1517,7 +1517,12 @@ components: - fing - fged - invl - Signature: + ETHSignature: + type: string + description: Ethereum signature. + pattern: "^0x[a-fA-F0-9]{130}$" + example: "0xf9161cd688394772d93aa3e7b3f8f9553ca4f94f65b7cece93ed4a239d5c0b4677dca6d1d459e3a5c271a34de735d4664a43e5a8960a9a6e027d12c562dd448e1c" + BJJSignature: type: string description: BabyJubJub compressed signature. pattern: "^[a-fA-F0-9]{128}$" @@ -1528,6 +1533,19 @@ components: minimum: 0 maximum: 4294967295 example: 5432 + AccountCreationAuthorizationPost: + type: object + properties: + hezEthereumAddress: + $ref: '#/components/schemas/HezEthereumAddress' + bjj: + $ref: '#/components/schemas/BJJ' + signature: + $ref: '#/components/schemas/ETHSignature' + required: + - hezEthereumAddress + - bjj + - signature AccountCreationAuthorization: type: object properties: @@ -1539,12 +1557,10 @@ components: bjj: $ref: '#/components/schemas/BJJ' signature: - allOf: - - $ref: '#/components/schemas/Signature' - - description: Signature of the auth message. More info [here](https://idocs.hermez.io/#/spec/zkrollup/README?id=regular-rollup-account). - - example: "72024a43f546b0e1d9d5d7c4c30c259102a9726363adcc4ec7b6aea686bcb5116f485c5542d27c4092ae0ceaf38e3bb44417639bd2070a58ba1aa1aab9d92c03" + $ref: '#/components/schemas/ETHSignature' required: - - ethereumAddress + - timestamp + - hezEthereumAddress - bjj - signature HistoryTransaction: diff --git a/common/accountcreationauths.go b/common/accountcreationauths.go index 6d2c8e6..ba3b8d4 100644 --- a/common/accountcreationauths.go +++ b/common/accountcreationauths.go @@ -4,6 +4,7 @@ import ( "time" ethCommon "github.com/ethereum/go-ethereum/common" + ethCrypto "github.com/ethereum/go-ethereum/crypto" "github.com/iden3/go-iden3-crypto/babyjub" ) @@ -14,3 +15,36 @@ type AccountCreationAuth struct { Signature []byte `meddler:"signature"` Timestamp time.Time `meddler:"timestamp,utctime"` } + +// HashToSign builds the hash to be signed using BJJ pub key and the constant message +func (a *AccountCreationAuth) HashToSign() ([]byte, error) { + // Calculate message to be signed + const msg = "I authorize this babyjubjub key for hermez rollup account creation" + comp, err := a.BJJ.Compress().MarshalText() + if err != nil { + return nil, err + } + // Hash message (msg || compressed-bjj) + return ethCrypto.Keccak256Hash([]byte(msg), comp).Bytes(), nil +} + +// VerifySignature ensures that the Signature is done with the specified EthAddr +func (a *AccountCreationAuth) VerifySignature() bool { + // Calculate hash to be signed + msg, err := a.HashToSign() + if err != nil { + return false + } + // Get public key from Signature + pubKBytes, err := ethCrypto.Ecrecover(msg, a.Signature) + if err != nil { + return false + } + pubK, err := ethCrypto.UnmarshalPubkey(pubKBytes) + if err != nil { + return false + } + // Get addr from pubK + addr := ethCrypto.PubkeyToAddress(*pubK) + return addr == a.EthAddr +} diff --git a/db/l2db/l2db.go b/db/l2db/l2db.go index c7f57f7..fdfc9a5 100644 --- a/db/l2db/l2db.go +++ b/db/l2db/l2db.go @@ -46,7 +46,13 @@ func (l2db *L2DB) DB() *sqlx.DB { // AddAccountCreationAuth inserts an account creation authorization into the DB func (l2db *L2DB) AddAccountCreationAuth(auth *common.AccountCreationAuth) error { - return meddler.Insert(l2db.db, "account_creation_auth", auth) + // return meddler.Insert(l2db.db, "account_creation_auth", auth) + _, err := l2db.db.Exec( + `INSERT INTO account_creation_auth (eth_addr, bjj, signature) + VALUES ($1, $2, $3);`, + auth.EthAddr, auth.BJJ, auth.Signature, + ) + return err } // GetAccountCreationAuth returns an account creation authorization into the DB diff --git a/test/l2db.go b/test/l2db.go index 56368da..1f742d2 100644 --- a/test/l2db.go +++ b/test/l2db.go @@ -1,11 +1,7 @@ package test import ( - "math/big" - "strconv" - "time" - - ethCommon "github.com/ethereum/go-ethereum/common" + ethCrypto "github.com/ethereum/go-ethereum/crypto" "github.com/hermeznetwork/hermez-node/common" "github.com/iden3/go-iden3-crypto/babyjub" "github.com/jmoiron/sqlx" @@ -84,13 +80,28 @@ func GenPoolTxs(n int, tokens []common.Token) []*common.PoolL2Tx { func GenAuths(nAuths int) []*common.AccountCreationAuth { auths := []*common.AccountCreationAuth{} for i := 0; i < nAuths; i++ { - privK := babyjub.NewRandPrivKey() - auths = append(auths, &common.AccountCreationAuth{ - EthAddr: ethCommon.BigToAddress(big.NewInt(int64(i))), - BJJ: privK.Public(), - Signature: []byte(strconv.Itoa(i)), - Timestamp: time.Now(), - }) + // Generate keys + ethPrivK, err := ethCrypto.GenerateKey() + if err != nil { + panic(err) + } + bjjPrivK := babyjub.NewRandPrivKey() + // Generate auth + auth := &common.AccountCreationAuth{ + EthAddr: ethCrypto.PubkeyToAddress(ethPrivK.PublicKey), + BJJ: bjjPrivK.Public(), + } + // Sign + h, err := auth.HashToSign() + if err != nil { + panic(err) + } + signature, err := ethCrypto.Sign(h, ethPrivK) + if err != nil { + panic(err) + } + auth.Signature = signature + auths = append(auths, auth) } return auths } diff --git a/test/l2db_test.go b/test/l2db_test.go new file mode 100644 index 0000000..38b1b2f --- /dev/null +++ b/test/l2db_test.go @@ -0,0 +1,15 @@ +package test + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestGenAuths(t *testing.T) { + const nAuths = 5 + auths := GenAuths(nAuths) + for _, auth := range auths { + assert.True(t, auth.VerifySignature()) + } +}