Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use signing/recovery from fuel_crypto in fuels_signers #165

Merged
merged 9 commits into from
May 5, 2022
Merged

Use signing/recovery from fuel_crypto in fuels_signers #165

merged 9 commits into from
May 5, 2022

Conversation

Br1ght0ne
Copy link
Member

@Br1ght0ne Br1ght0ne commented Mar 21, 2022
edited by adlerjohn
Loading

Close #65.

Things left:

  • impl FromStr for fuel_crypto::Signature
  • port remaining tests that require Signature::from_str
  • fix tests failing after rebase

@Br1ght0ne Br1ght0ne marked this pull request as ready for review March 21, 2022 14:35
@digorithm
Copy link
Member

Since there's still impl FromStr for fuel_crypto::Signature so I can port tests straight away left, shouldn't we keep this PR as a draft? Still, I'll be doing an initial review soon 😄

@digorithm digorithm added the enhancement New feature or request label Mar 21, 2022
@Br1ght0ne
Copy link
Member Author

Since there's still impl FromStr for fuel_crypto::Signature so I can port tests straight away left, shouldn't we keep this PR as a draft? Still, I'll be doing an initial review soon 😄

Whoops, pressed too early. Will add this impl soon :)

@adlerjohn adlerjohn marked this pull request as draft March 22, 2022 19:22
@Br1ght0ne Br1ght0ne mentioned this pull request Mar 23, 2022
Merged
@Br1ght0ne Br1ght0ne force-pushed the oleksii/replace-vm-signatures-with-crypto branch from 77ef9c9 to d9fb22f Compare March 29, 2022 15:57
@Br1ght0ne
Copy link
Member Author

Rebased on master to solve conflict in Cargo.lock.

Br1ght0ne
Br1ght0ne commented Mar 29, 2022
View reviewed changes
fuels-signers/src/lib.rs Outdated Show resolved Hide resolved
@Br1ght0ne Br1ght0ne marked this pull request as ready for review March 29, 2022 16:11
@Br1ght0ne
Copy link
Member Author

Weird that GH wants to merge/rebase this with master. I did the rebase on top of fresh master, no other changes. 🤔

adlerjohn
adlerjohn previously requested changes Mar 29, 2022
View reviewed changes
Copy link
Contributor

@adlerjohn adlerjohn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove lockfile and update from master using the button if needed

@Br1ght0ne
Copy link
Member Author

@adlerjohn Removed and cargo generate-lockfile-d a new one locally. Re button: merge commit or rebase? (no idea on the conventions)

iqdecay
iqdecay suggested changes Mar 29, 2022
View reviewed changes
Copy link
Contributor

@iqdecay iqdecay left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some remarks about the unsafe, and also I'm not sure about the error handling but this might come from a misunderstanding on my end :) Otherwise looks good!

fuels-signers/src/lib.rs Outdated
@@ -48,26 +46,26 @@ mod tests {
let mut secret_seed = [0u8; 32];
rng.fill_bytes(&mut secret_seed);

let secret =
SecretKey::from_slice(&secret_seed).expect("Failed to generate random secret!");
let secret = unsafe { SecretKey::from_bytes_unchecked(secret_seed) };
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be both commented to explain why we are doing an unsafe block, and IMO we should figure out the proper way to make it non-unsafe. We can't really compromise memory safety (even in this trivial case) for something like signing.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The proper way would be via TryFrom.

However, from the lines above, looks like you are creating a new random key. Hence, in this case, the proper way would be to call Secret::random

fuels-signers/src/lib.rs Outdated Show resolved Hide resolved
fuels-signers/src/lib.rs Outdated Show resolved Hide resolved
fuels-signers/src/util.rs Outdated
@@ -37,14 +36,10 @@ pub mod test_helpers {

let secret_seed = rng.gen::<[u8; 32]>();

let secret =
SecretKey::from_slice(&secret_seed).expect("Failed to generate random secret!");
let secret = unsafe { SecretKey::from_bytes_unchecked(secret_seed) };
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same remark as before

fuels-signers/src/wallet.rs Outdated
@@ -32,8 +29,7 @@ use thiserror::Error;
/// let mut secret_seed = [0u8; 32];
/// rng.fill_bytes(&mut secret_seed);
///
/// let secret =
/// SecretKey::from_slice(&secret_seed).expect("Failed to generate random secret!");
/// let secret = unsafe { SecretKey::from_bytes_unchecked(secret_seed) };
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see above

fuels-signers/src/wallet.rs Outdated Show resolved Hide resolved
fuels-signers/src/wallet.rs Outdated Show resolved Hide resolved
@adlerjohn
Copy link
Contributor

merge commit or rebase?

Merge commit, so that reviewers know what's changed. On the topic of the lockfile, you need to remove because it's not supposed to be there: #179

Updating from master will also update your gitignore so it's not added again by accident.

@Br1ght0ne Br1ght0ne force-pushed the oleksii/replace-vm-signatures-with-crypto branch from e2dbb35 to bd63da9 Compare March 30, 2022 08:25
@Br1ght0ne Br1ght0ne marked this pull request as draft March 31, 2022 09:07
@Br1ght0ne
Use signing/recovery from fuel_crypto in fuels_signers
f014958 
Remove secp256k1 dep from fuels-signers

Remove secp256k1 dep from fuels-signers
@Br1ght0ne
Fix tests and cargo lints
ebd17bd 
Remove unneeded Result
@Br1ght0ne Br1ght0ne force-pushed the oleksii/replace-vm-signatures-with-crypto branch from c546124 to ebd17bd Compare April 12, 2022 15:06
@Br1ght0ne
Copy link
Member Author

Br1ght0ne commented Apr 12, 2022
edited
Loading

Needs UTXO validation in send_transaction and transfer_coins_with_change. Working on it.

@digorithm
Copy link
Member

digorithm commented May 3, 2022
edited by adlerjohn
Loading

@Br1ght0ne Please take a look at the changes I introduced at a5026c6.

Here's a quick explanation:

  1. tx.id() hashes the transaction to get the transaction ID;
  2. fuel-crypto's Message::new() hashes the bytes passed onto it.

Before, this is what you were doing:

let id = tx.id();
let sig = Signature::sign(&self.private_key, &Message::new(&id));

Effectively hashing the transaction bytes twice. This caused the recovered public key to be wrong because the Message was wrong (double hashed), causing a mismatch between the input coin's owner (correct) and the recovered public key (incorrect), which is the error you had been seeing all this time.

@adlerjohn adlerjohn marked this pull request as ready for review May 4, 2022 16:17
@adlerjohn adlerjohn requested review from iqdecay and vlopes11 May 4, 2022 16:30
iqdecay
iqdecay approved these changes May 5, 2022
View reviewed changes
Copy link
Contributor

@iqdecay iqdecay left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All my questions have been nicely addressed afai can see! lgtm!

@digorithm digorithm merged commit adf81bd into master May 5, 2022
@digorithm digorithm deleted the oleksii/replace-vm-signatures-with-crypto branch May 5, 2022 17:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Voxelot Voxelot Voxelot left review comments

@adlerjohn adlerjohn adlerjohn approved these changes

@iqdecay iqdecay iqdecay approved these changes

@digorithm digorithm Awaiting requested review from digorithm digorithm is a code owner

@vlopes11 vlopes11 Awaiting requested review from vlopes11

Assignees

@Br1ght0ne Br1ght0ne

Labels
enhancement New feature or request
Projects
Fuel Network
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Use fuel-crypto instead of fuel-vm for signatures
6 participants
@Br1ght0ne @digorithm @adlerjohn @Voxelot @vlopes11 @iqdecay