solana-labs · askibin · Oct 17, 2022 · Aug 29, 2022 · Oct 11, 2022 · Oct 13, 2022
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/cli/src/cli.rs b/cli/src/cli.rs
@@ -25,6 +25,7 @@ use {
         decode_error::DecodeError,
         hash::Hash,
         instruction::InstructionError,
+        offchain_message::OffchainMessage,
         pubkey::Pubkey,
         signature::{Signature, Signer, SignerError},
         stake::{instruction::LockupArgs, state::Lockup},
@@ -440,6 +441,14 @@ pub enum CliCommand {
     },
     // Address lookup table commands
     AddressLookupTable(AddressLookupTableCliCommand),
+    SignOffchainMessage {
+        message: OffchainMessage,
+    },
+    VerifyOffchainSignature {
+        signer_pubkey: Option<Pubkey>,
+        signature: Signature,
+        message: OffchainMessage,
+    },
 }
 
 #[derive(Debug, PartialEq)]
@@ -470,6 +479,8 @@ pub enum CliError {
     RpcRequestError(String),
     #[error("Keypair file not found: {0}")]
     KeypairFileNotFound(String),
+    #[error("Invalid signature")]
+    InvalidSignature,
 }
 
 impl From<Box<dyn error::Error>> for CliError {
@@ -821,6 +832,12 @@ pub fn parse_command(
             })
         }
         ("transfer", Some(matches)) => parse_transfer(matches, default_signer, wallet_manager),
+        ("sign-offchain-message", Some(matches)) => {
+            parse_sign_offchain_message(matches, default_signer, wallet_manager)
+        }
+        ("verify-offchain-signature", Some(matches)) => {
+            parse_verify_offchain_signature(matches, default_signer, wallet_manager)
+        }
         //
         ("", None) => {
             eprintln!("{}", matches.usage());
@@ -1634,11 +1651,18 @@ pub fn process_command(config: &CliConfig) -> ProcessResult {
             derived_address_program_id.as_ref(),
             compute_unit_price.as_ref(),
         ),
-
         // Address Lookup Table Commands
         CliCommand::AddressLookupTable(subcommand) => {
             process_address_lookup_table_subcommand(rpc_client, config, subcommand)
         }
+        CliCommand::SignOffchainMessage { message } => {
+            process_sign_offchain_message(config, message)
+        }
+        CliCommand::VerifyOffchainSignature {
+            signer_pubkey,
+            signature,
+            message,
+        } => process_verify_offchain_signature(config, signer_pubkey, signature, message),
     }
 }
 
@@ -2013,7 +2037,7 @@ mod tests {
         assert_eq!(
             parse_command(&test_resolve_signer, &default_signer, &mut None).unwrap(),
             CliCommandInfo {
-                command: CliCommand::ResolveSigner(Some(keypair_file)),
+                command: CliCommand::ResolveSigner(Some(keypair_file.clone())),
                 signers: vec![],
             }
         );
@@ -2029,6 +2053,43 @@ mod tests {
                 signers: vec![],
             }
         );
+
+        // Test SignOffchainMessage
+        let test_sign_offchain = test_commands.clone().get_matches_from(vec![
+            "test",
+            "sign-offchain-message",
+            "Test Message",
+        ]);
+        let message = OffchainMessage::new(0, b"Test Message").unwrap();
+        assert_eq!(
+            parse_command(&test_sign_offchain, &default_signer, &mut None).unwrap(),
+            CliCommandInfo {
+                command: CliCommand::SignOffchainMessage {
+                    message: message.clone()
+                },
+                signers: vec![read_keypair_file(&keypair_file).unwrap().into()],
+            }
+        );
+
+        // Test VerifyOffchainSignature
+        let signature = keypair.sign_message(&message.serialize().unwrap());
+        let test_verify_offchain = test_commands.clone().get_matches_from(vec![
+            "test",
+            "verify-offchain-signature",
+            "Test Message",
+            &signature.to_string(),
+        ]);
+        assert_eq!(
+            parse_command(&test_verify_offchain, &default_signer, &mut None).unwrap(),
+            CliCommandInfo {
+                command: CliCommand::VerifyOffchainSignature {
+                    signer_pubkey: None,
+                    signature,
+                    message
+                },
+                signers: vec![read_keypair_file(&keypair_file).unwrap().into()],
+            }
+        );
     }
 
     #[test]
@@ -2375,6 +2436,23 @@ mod tests {
 
         config.command = CliCommand::GetTransactionCount;
         assert!(process_command(&config).is_err());
+
+        let message = OffchainMessage::new(0, b"Test Message").unwrap();
+        config.command = CliCommand::SignOffchainMessage {
+            message: message.clone(),
+        };
+        config.signers = vec![&keypair];
+        let result = process_command(&config);
+        assert!(result.is_ok());
+
+        config.command = CliCommand::VerifyOffchainSignature {
+            signer_pubkey: None,
+            signature: result.unwrap().parse().unwrap(),
+            message,
+        };
+        config.signers = vec![&keypair];
+        let result = process_command(&config);
+        assert!(result.is_ok());
     }
 
     #[test]

diff --git a/cli/src/wallet.rs b/cli/src/wallet.rs
@@ -33,6 +33,7 @@ use {
     solana_sdk::{
         commitment_config::CommitmentConfig,
         message::Message,
+        offchain_message::OffchainMessage,
         pubkey::Pubkey,
         signature::Signature,
         stake,
@@ -274,6 +275,71 @@ impl WalletSubCommands for App<'_, '_> {
                 .arg(fee_payer_arg())
                 .arg(compute_unit_price_arg()),
         )
+        .subcommand(
+            SubCommand::with_name("sign-offchain-message")
+                .about("Sign off-chain message")
+                .arg(
+                    Arg::with_name("message")
+                        .index(1)
+                        .takes_value(true)
+                        .value_name("STRING")
+                        .required(true)
+                        .help("The message text to be signed")
+                )
+                .arg(
+                    Arg::with_name("version")
+                        .long("version")
+                        .takes_value(true)
+                        .value_name("VERSION")
+                        .required(false)
+                        .default_value("0")
+                        .validator(|p| match p.parse::<u8>() {
+                            Err(_) => Err(String::from("Must be unsigned integer")),
+                            Ok(_) => { Ok(()) }
+                        })
+                        .help("The off-chain message version")
+                )
+        )
+        .subcommand(
+            SubCommand::with_name("verify-offchain-signature")
+                .about("Verify off-chain message signature")
+                .arg(
+                    Arg::with_name("message")
+                        .index(1)
+                        .takes_value(true)
+                        .value_name("STRING")
+                        .required(true)
+                        .help("The text of the original message")
+                )
+                .arg(
+                    Arg::with_name("signature")
+                        .index(2)
+                        .value_name("SIGNATURE")
+                        .takes_value(true)
+                        .required(true)
+                        .help("The message signature to verify")
+                )
+                .arg(
+                    Arg::with_name("version")
+                        .long("version")
+                        .takes_value(true)
+                        .value_name("VERSION")
+                        .required(false)
+                        .default_value("0")
+                        .validator(|p| match p.parse::<u8>() {
+                            Err(_) => Err(String::from("Must be unsigned integer")),
+                            Ok(_) => { Ok(()) }
+                        })
+                        .help("The off-chain message version")
+                )
+                .arg(
+                    pubkey!(Arg::with_name("signer")
+                        .long("signer")
+                        .value_name("PUBKEY")
+                        .required(false),
+                        "The pubkey of the message signer (if different from config default)")
+                )
+        )
     }
 }
 
@@ -447,6 +513,54 @@ pub fn parse_transfer(
     })
 }
 
+pub fn parse_sign_offchain_message(
+    matches: &ArgMatches<'_>,
+    default_signer: &DefaultSigner,
+    wallet_manager: &mut Option<Arc<RemoteWalletManager>>,
+) -> Result<CliCommandInfo, CliError> {
+    let version: u8 = value_of(matches, "version").unwrap();
+    let message_text: String = value_of(matches, "message")
+        .ok_or_else(|| CliError::BadParameter("MESSAGE".to_string()))?;
+    let message = OffchainMessage::new(version, message_text.as_bytes())
+        .map_err(|_| CliError::BadParameter("VERSION or MESSAGE".to_string()))?;
+
+    Ok(CliCommandInfo {
+        command: CliCommand::SignOffchainMessage { message },
+        signers: vec![default_signer.signer_from_path(matches, wallet_manager)?],
+    })
+}
+
+pub fn parse_verify_offchain_signature(
+    matches: &ArgMatches<'_>,
+    default_signer: &DefaultSigner,
+    wallet_manager: &mut Option<Arc<RemoteWalletManager>>,
+) -> Result<CliCommandInfo, CliError> {
+    let version: u8 = value_of(matches, "version").unwrap();
+    let message_text: String = value_of(matches, "message")
+        .ok_or_else(|| CliError::BadParameter("MESSAGE".to_string()))?;
+    let message = OffchainMessage::new(version, message_text.as_bytes())
+        .map_err(|_| CliError::BadParameter("VERSION or MESSAGE".to_string()))?;
+
+    let signer_pubkey = pubkey_of_signer(matches, "signer", wallet_manager)?;
+    let signers = if signer_pubkey.is_some() {
+        vec![]
+    } else {
+        vec![default_signer.signer_from_path(matches, wallet_manager)?]
+    };
+
+    let signature = value_of(matches, "signature")
+        .ok_or_else(|| CliError::BadParameter("SIGNATURE".to_string()))?;
+
+    Ok(CliCommandInfo {
+        command: CliCommand::VerifyOffchainSignature {
+            signer_pubkey,
+            signature,
+            message,
+        },
+        signers,
+    })
+}
+
 pub fn process_show_account(
     rpc_client: &RpcClient,
     config: &CliConfig,
@@ -779,3 +893,29 @@ pub fn process_transfer(
         log_instruction_custom_error::<SystemError>(result, config)
     }
 }
+
+pub fn process_sign_offchain_message(
+    config: &CliConfig,
+    message: &OffchainMessage,
+) -> ProcessResult {
+    Ok(message.sign(config.signers[0])?.to_string())
+}
+
+pub fn process_verify_offchain_signature(
+    config: &CliConfig,
+    signer_pubkey: &Option<Pubkey>,
+    signature: &Signature,
+    message: &OffchainMessage,
+) -> ProcessResult {
+    let signer = if let Some(pubkey) = signer_pubkey {
+        *pubkey
+    } else {
+        config.signers[0].pubkey()
+    };
+
+    if message.verify(&signer, signature)? {
+        Ok("Signature is valid".to_string())
+    } else {
+        Err(CliError::InvalidSignature.into())
+    }
+}
diff --git a/docs/sidebars.js b/docs/sidebars.js
@@ -339,6 +339,7 @@ module.exports = {
     "offline-signing",
     "offline-signing/durable-nonce",
     "cli/usage",
+    "cli/sign-offchain-message",
   ],
   architectureSidebar: [
     {