Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add jose for verifying signatures (temporary, WIP, etc) #1165

Draft
wants to merge 7 commits into
base: master
Choose a base branch
from
Draft

Add jose for verifying signatures (temporary, WIP, etc) #1165

wants to merge 7 commits into from

Conversation

edmundnoble
Copy link
Contributor

No description provided.

@edmundnoble edmundnoble mentioned this pull request Mar 17, 2023
Closed
@EnoF
Copy link

EnoF commented Mar 21, 2023

I've added the following tests:

(expect "hashing clientdatajson should result in the same hash"
  "0n-BTHjCrUTiOhN1wWgcacSvrpL-4gyuAPAp5-_5i1I"
  (sha-256 "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiWVRNek1HWmtNakV4T0RRMU9XRmtaamRrTW1Kak1qUTJZMkpqWW1KalpHTTVZemhtTnpkaU5UVTFZakZqWWpWak5UZ3lNR0kzTW1JelpqazFOVFl3TlEiLCJvcmlnaW4iOiJodHRwOi8vbG9jYWxob3N0OjEzMzciLCJjcm9zc09yaWdpbiI6ZmFsc2V9"))
(expect "same sig"
  "svaPFnKK5EUpBSnECZsrMCchQxyjRIwlsyRCj2pNAZRkr_W69RSiev0gNgU2la39dLkzMmaND8XlixyWL4t-vA"
  (base64-concat ["SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MFAAAABw" "0n-BTHjCrUTiOhN1wWgcacSvrpL-4gyuAPAp5-_5i1I"]))
(expect "authenticator data to be concatenated with clientdata"
  "svaPFnKK5EUpBSnECZsrMCchQxyjRIwlsyRCj2pNAZRkr_W69RSiev0gNgU2la39dLkzMmaND8XlixyWL4t-vA"
  (base64-concat
    ["SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MFAAAABw"
     (base64-encode
       (sha-256
         "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiWVRNek1HWmtNakV4T0RRMU9XRmtaamRrTW1Kak1qUTJZMkpqWW1KalpHTTVZemhtTnpkaU5UVTFZakZqWWpWak5UZ3lNR0kzTW1JelpqazFOVFl3TlEiLCJvcmlnaW4iOiJodHRwOi8vbG9jYWxob3N0OjEzMzciLCJjcm9zc09yaWdpbiI6ZmFsc2V9"))]))

I think the sha-256 works as expected, but the base64-concat is not concatenating the strings correctly.

When converted to a byte array the length of authenticator is 37 and the client data json is 32 for the above provided values. I noticed that you are converting the base64 string to utf8, which I believe yields different results. In javascript I convert it with a function like this: Buffer.from("SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MFAAAABw", "base64") if I would similarly convert it with utf8, I would get an array length of 50 and 43.

@EnoF
Copy link

EnoF commented Mar 21, 2023

The above mentioned tests are incorrect, made some copy paste errors for the values... resulting in the false negatives.

Below are the rectified tests:

(expect "hashing clientdatajson should result in the same hash"
  "ofPpLhvmSReO2yJ8yReN2rzxtCZTgKrZ7mTcVl5QZfk"
  (sha-256 "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiYThhM0FaZlNUTkliZ3RQYlNYM2VkLXd6QmZhQm1fbDd3UDdyYTRscDh6SSIsIm9yaWdpbiI6Imh0dHA6Ly9sb2NhbGhvc3Q6MTMzNyIsImNyb3NzT3JpZ2luIjpmYWxzZSwib3RoZXJfa2V5c19jYW5fYmVfYWRkZWRfaGVyZSI6ImRvIG5vdCBjb21wYXJlIGNsaWVudERhdGFKU09OIGFnYWluc3QgYSB0ZW1wbGF0ZS4gU2VlIGh0dHBzOi8vZ29vLmdsL3lhYlBleCJ9"))
(expect "find tx-message"
  true
  (contains "\"YTMzMGZkMjExODQ1OWFkZjdkMmJjMjQ2Y2JjYmJjZGM5YzhmNzdiNTU1YjFjYjVjNTgyMGI3MmIzZjk1NTYwNQ\"" (base64-decode "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiWVRNek1HWmtNakV4T0RRMU9XRmtaamRrTW1Kak1qUTJZMkpqWW1KalpHTTVZemhtTnpkaU5UVTFZakZqWWpWak5UZ3lNR0kzTW1JelpqazFOVFl3TlEiLCJvcmlnaW4iOiJodHRwOi8vbG9jYWxob3N0OjEzMzciLCJjcm9zc09yaWdpbiI6ZmFsc2V9")))
(expect "same sig"
  "SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MFAAAAKKHz6S4b5kkXjtsifMkXjdq88bQmU4Cq2e5k3FZeUGX5"
  (base64-concat ["SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MFAAAAKA" "ofPpLhvmSReO2yJ8yReN2rzxtCZTgKrZ7mTcVl5QZfk"]))
(expect "authenticator data to be concatenated with clientdata"
  "SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MFAAAAKKHz6S4b5kkXjtsifMkXjdq88bQmU4Cq2e5k3FZeUGX5"
  (base64-concat
    ["SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MFAAAAKA"
      (sha-256 "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiYThhM0FaZlNUTkliZ3RQYlNYM2VkLXd6QmZhQm1fbDd3UDdyYTRscDh6SSIsIm9yaWdpbiI6Imh0dHA6Ly9sb2NhbGhvc3Q6MTMzNyIsImNyb3NzT3JpZ2luIjpmYWxzZSwib3RoZXJfa2V5c19jYW5fYmVfYWRkZWRfaGVyZSI6ImRvIG5vdCBjb21wYXJlIGNsaWVudERhdGFKU09OIGFnYWluc3QgYSB0ZW1wbGF0ZS4gU2VlIGh0dHBzOi8vZ29vLmdsL3lhYlBleCJ9")
    ]))

@EnoF
Add a preliminary gas cost for the added functions (#1167)
7c9a15c 
- otherwise I get a penalty of 1M gas cost, which prevents me from
   testing the full e2e flow

Co-authored-by: Andy Tang <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jwiegley jwiegley Awaiting requested review from jwiegley jwiegley will be requested when the pull request is marked ready for review jwiegley is a code owner

@emilypi emilypi Awaiting requested review from emilypi emilypi will be requested when the pull request is marked ready for review emilypi is a code owner

@jmcardon jmcardon Awaiting requested review from jmcardon jmcardon will be requested when the pull request is marked ready for review jmcardon is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@edmundnoble @EnoF