wip

cabal.project

@@ -63,8 +63,8 @@ package yet-another-logger
 source-repository-package
     type: git
     location: https://github.com/kadena-io/pact.git
-    tag: e193c1390c2504862e4eb323e789494fd11cc61d
-    --sha256: sha256-Llo5dYDcbvtUEHffIhlOvaVmfLNohu7pN3sKJR1c33c=
+    tag: f978fa4112ec9552f8454807afd3ed2aaf2de777
+    --sha256: sha256-tUcoYqNq0Vyt3wXxcemd9sHbdsjoqTSbPRQ15wlH0s0=
 
 source-repository-package
     type: git

src/Chainweb/Pact/PactService/ExecBlock.hs

@@ -257,7 +257,7 @@ validateChainwebTxs logger v cid cp txValidationTime bh txs doBuyGas
         sigs = P._cmdSigs t
         signers = P._pSigners $ payloadObj $ P._cmdPayload t
         validSchemes = validPPKSchemes v cid bh
-        validProv = validWebAuthnSignatureProvenance v cid bh
+        validProv = validWebAuthnSignatureEncoding v cid bh
 
     initTxList :: ValidateTxs
     initTxList = V.map Right txs

src/Chainweb/Pact/RestAPI/Server.hs

@@ -117,7 +117,7 @@ import qualified Chainweb.TreeDB as TreeDB
 import Chainweb.Utils
 import Chainweb.Version
 import Chainweb.Pact.Validations (assertCommand)
-import Chainweb.Version.Guards (validPPKSchemes, validWebAuthnSignatureProvenance)
+import Chainweb.Version.Guards (validPPKSchemes, validWebAuthnSignatureEncoding)
 import Chainweb.WebPactExecutionService
 
 import Chainweb.Storage.Table
@@ -696,7 +696,7 @@ validateCommand v cid cmdText = case parsedPayload of
         if assertCommand
              commandParsed
              (validPPKSchemes v cid maxBound)
-             (validWebAuthnSignatureProvenance v cid maxBound)
+             (validWebAuthnSignatureEncoding v cid maxBound)
         then Right commandParsed
         else Left "Command failed validation"
   Left e -> Left $ "Pact parsing error: " ++ e

src/Chainweb/Pact/Validations.hs

@@ -53,7 +53,7 @@ import Chainweb.Pact.Service.Types
 import Chainweb.Time (Seconds(..), Time(..), secondsToTimeSpan, scaleTimeSpan, second, add)
 import Chainweb.Transaction (cmdTimeToLive, cmdCreationTime, PayloadWithText, payloadBytes, payloadObj)
 import Chainweb.Version
-import Chainweb.Version.Guards (validPPKSchemes, validWebAuthnSignatureProvenance)
+import Chainweb.Version.Guards (validPPKSchemes, validWebAuthnSignatureEncoding)
 
 import qualified Pact.Types.Gas as P
 import qualified Pact.Types.Hash as P
@@ -78,7 +78,7 @@ assertLocalMetadata cmd@(P.Command pay sigs hsh) txCtx sigVerify = do
 
     let bh = ctxCurrentBlockHeight txCtx
     let validSchemes = validPPKSchemes v cid bh
-    let validProv = validWebAuthnSignatureProvenance v cid bh
+    let validProv = validWebAuthnSignatureEncoding v cid bh
 
     let P.PublicMeta pcid _ gl gp _ _ = P._pMeta pay
         nid = P._pNetworkId pay
@@ -160,8 +160,8 @@ assertTxSize initialGas gasLimit = initialGas < fromIntegral gasLimit
 -- | Check and assert that signers and user signatures are valid for a given
 -- transaction hash.
 --
-assertValidateSigs :: [P.PPKScheme] -> [P.WebAuthnSigProvenance] -> P.PactHash -> [P.Signer] -> [P.UserSig] -> Bool
-assertValidateSigs validSchemes validProvenance hsh signers sigs
+assertValidateSigs :: [P.PPKScheme] -> [P.WebAuthnSigEncoding] -> P.PactHash -> [P.Signer] -> [P.UserSig] -> Bool
+assertValidateSigs validSchemes validEncoding hsh signers sigs
     | length signers /= length sigs = False
     | otherwise = and $ zipWith verifyUserSig sigs signers
     where verifyUserSig sig signer =
@@ -170,7 +170,7 @@ assertValidateSigs validSchemes validProvenance hsh signers sigs
               okScheme = sigScheme `elem` validSchemes
               okSignature = isRight $ P.verifyUserSig hsh sig signer
               okProvenance = case sig of
-                P.WebAuthnSig _ provenance -> provenance `elem` validProvenance
+                P.WebAuthnSig _ provenance -> provenance `elem` validEncoding
                 _ -> True
             in okScheme && okProvenance && okSignature
 
@@ -200,10 +200,10 @@ assertTxTimeRelativeToParent (ParentCreationTime (BlockCreationTime txValidation
 
 -- | Assert that the command hash matches its payload and
 -- its signatures are valid, without parsing the payload.
-assertCommand :: P.Command PayloadWithText -> [P.PPKScheme] -> [P.WebAuthnSigProvenance] -> Bool
-assertCommand (P.Command pwt sigs hsh) ppkSchemePassList validWebAuthnProvenance =
+assertCommand :: P.Command PayloadWithText -> [P.PPKScheme] -> [P.WebAuthnSigEncoding] -> Bool
+assertCommand (P.Command pwt sigs hsh) ppkSchemePassList validWebAuthnEncoding =
   isRight assertHash &&
-  assertValidateSigs ppkSchemePassList validWebAuthnProvenance hsh signers sigs
+  assertValidateSigs ppkSchemePassList validWebAuthnEncoding hsh signers sigs
   where
     cmdBS = SBS.fromShort $ payloadBytes pwt
     signers = P._pSigners (payloadObj pwt)

src/Chainweb/Version/Guards.hs

@@ -48,7 +48,7 @@ module Chainweb.Version.Guards
     , maxBlockGasLimit
     , validPPKSchemes
     , validKeyFormats
-    , validWebAuthnSignatureProvenance
+    , validWebAuthnSignatureEncoding
 
     -- ** BlockHeader Validation Guards
     , slowEpochGuard
@@ -62,7 +62,7 @@ import Control.Lens
 import Numeric.Natural
 import Pact.Types.KeySet (PublicKeyText, ed25519HexFormat, webAuthnFormat)
 import Pact.Types.Scheme (PPKScheme(ED25519, WebAuthn))
-import Pact.Types.Crypto (WebAuthnSigProvenance(WebAuthnStringified, WebAuthnObject))
+import Pact.Types.Crypto (WebAuthnSigEncoding(WebAuthnStringified, WebAuthnObject))
 
 import Chainweb.BlockHeight
 import Chainweb.ChainId
@@ -272,10 +272,10 @@ validKeyFormats v cid bh =
   then [ed25519HexFormat, webAuthnFormat]
   else [ed25519HexFormat]
 
--- | Different versions of Chainweb allow different WebAuthn signature provenance.
+-- | Different versions of Chainweb allow different WebAuthn signature encoding.
 --
-validWebAuthnSignatureProvenance :: ChainwebVersion -> ChainId -> BlockHeight -> [WebAuthnSigProvenance]
-validWebAuthnSignatureProvenance v cid bh =
+validWebAuthnSignatureEncoding :: ChainwebVersion -> ChainId -> BlockHeight -> [WebAuthnSigEncoding]
+validWebAuthnSignatureEncoding v cid bh =
   if chainweb222Pact v cid bh
   then [WebAuthnStringified, WebAuthnObject]
   else [WebAuthnStringified]

test/Chainweb/Test/Pact/PactMultiChainTest.hs

@@ -30,6 +30,7 @@ import Test.Tasty.HUnit
 import Pact.Types.Capability
 import Pact.Types.Command
 import Pact.Types.Continuation
+import Pact.Types.Crypto (WebAuthnSigEncoding(WebAuthnObject, WebAuthnStringified))
 import Pact.Types.Hash
 import Pact.Types.PactError
 import Pact.Types.PactValue
@@ -1095,10 +1096,14 @@ pact49UpgradeTest = do
 
 pact410UpgradeTest :: PactTestM ()
 pact410UpgradeTest = do
-  runToHeight 114
+  runToHeight 80
 
   runBlockTest
-    [ PactTxTest (buildBasicGasWebAuthn 1000 $ mkExec' "(+ 1 2)") $ assertTxSuccess "Should succeed" (pInteger 3)  ]
+    [ PactTxTest (buildBasicGasWebAuthn WebAuthnObject 1000 $ mkExec' "(+ 1 2)") $
+      assertTxSuccess "Should succeed" (pInteger 3)
+    , PactTxTest (buildBasicGasWebAuthn WebAuthnStringified 1000 $ mkExec' "(+ 1 3)") $
+      assertTxSuccess "Should succeed" (pInteger 4)
+    ]
 
 
 pact4coin3UpgradeTest :: PactTestM ()
@@ -1399,8 +1404,8 @@ buildXReceive
 buildXReceive (proof,pid) = buildBasic $
     mkCont ((mkContMsg pid 1) { _cmProof = Just proof })
 
-signWebAuthn00 :: CmdBuilder -> CmdBuilder
-signWebAuthn00 = set cbSigners [mkWebAuthnSigner' sender02WebAuthn []]
+signWebAuthn00 :: WebAuthnSigEncoding -> CmdBuilder -> CmdBuilder
+signWebAuthn00 webAuthnSigEncoding = set cbSigners [mkWebAuthnSigner' sender02WebAuthn [] webAuthnSigEncoding]
 
 signSender00 :: CmdBuilder -> CmdBuilder
 signSender00 = set cbSigners [mkEd25519Signer' sender00 []]
@@ -1430,17 +1435,18 @@ buildBasic' f r = MempoolCmdBuilder $ \(MempoolInput _ bh) ->
   $ mkCmd (sshow bh) r
 
 buildBasicWebAuthn'
-    :: (CmdBuilder -> CmdBuilder)
+    :: WebAuthnSigEncoding
+    -> (CmdBuilder -> CmdBuilder)
     -> PactRPC T.Text
     -> MempoolCmdBuilder
-buildBasicWebAuthn' f r = MempoolCmdBuilder $ \(MempoolInput _ bh) ->
-  f $ signWebAuthn00
+buildBasicWebAuthn' webAuthnSigEncoding f r = MempoolCmdBuilder $ \(MempoolInput _ bh) ->
+  f $ signWebAuthn00 webAuthnSigEncoding
   $ setFromHeader bh
   $ mkCmd (sshow bh) r
 
 
-buildBasicGasWebAuthn :: GasLimit -> PactRPC T.Text -> MempoolCmdBuilder
-buildBasicGasWebAuthn g = buildBasicWebAuthn' (set cbGasLimit g)
+buildBasicGasWebAuthn :: WebAuthnSigEncoding -> GasLimit -> PactRPC T.Text -> MempoolCmdBuilder
+buildBasicGasWebAuthn webAuthnSigEncoding g = buildBasicWebAuthn' webAuthnSigEncoding (set cbGasLimit g)
 
 
 -- | Get output on latest cut for chain

test/Chainweb/Test/Pact/Utils.hs

@@ -29,6 +29,7 @@ module Chainweb.Test.Pact.Utils
 , sender01
 , sender00Ks
 , sender02WebAuthn
+, sender03WebAuthn
 , allocation00KeyPair
 , testKeyPairs
 , mkKeySetData
@@ -81,6 +82,7 @@ module Chainweb.Test.Pact.Utils
 , CmdSigner
 , csSigner
 , csPrivKey
+, csWebAuthnEncoding
 -- * Pact Service creation
 , withPactTestBlockDb
 , withWebPactExecutionService
@@ -232,6 +234,11 @@ sender02WebAuthn =
            ("a4010103272006215820c18831c6f15306d6271e154842906b68f26c1af79b132dde6f6add79710303bf"
            ,"fecd4feb1243d715d095e24713875ca76c476f8672ec487be8e3bc110dd329ab")
 
+sender03WebAuthn :: SimpleKeyPair
+sender03WebAuthn =
+           ("a4010103272006215820ad72392508272b4c45536976474cdd434e772bfd630738ee9aac7343e7222eb6"
+           ,"ebe7d1119a53863fa64be7347d82d9fcc9ebeb8cbbe480f5e8642c5c36831434")
+
 allocation00KeyPair :: SimpleKeyPair
 allocation00KeyPair =
     ( "d82d0dcde9825505d86afb6dcc10411d6b67a429a79e21bda4bb119bf28ab871"
@@ -455,8 +462,8 @@ mkGasCap = mkCoinCap "GAS" []
 data CmdSigner = CmdSigner
   { _csSigner :: !Signer
   , _csPrivKey :: !Text
-  , _csWebAuthnEncoding :: Maybe WebAuthnProvenance
-    -- ^ When this field is set, we override the WebAuthn provenance
+  , _csWebAuthnEncoding :: WebAuthnSigEncoding
+    -- ^ When this field is set, we override the WebAuthn encoding
     -- of the signatures in order to influence how the signatures
     -- will be encoded. This is used for testing.
   } deriving (Eq,Show,Ord,Generic)
@@ -465,7 +472,9 @@ data CmdSigner = CmdSigner
 mkEd25519Signer :: Text -> Text -> [SigCapability] -> CmdSigner
 mkEd25519Signer pubKey privKey caps = CmdSigner
   { _csSigner = signer
-  , _csPrivKey = privKey }
+  , _csPrivKey = privKey
+  , _csWebAuthnEncoding = WebAuthnObject
+  }
   where
     signer = Signer
       { _siScheme = Nothing
@@ -476,19 +485,21 @@ mkEd25519Signer pubKey privKey caps = CmdSigner
 mkEd25519Signer' :: SimpleKeyPair -> [SigCapability] -> CmdSigner
 mkEd25519Signer' (pub,priv) = mkEd25519Signer pub priv
 
-mkWebAuthnSigner :: Text -> Text -> [SigCapability] -> CmdSigner
-mkWebAuthnSigner pubKey privKey caps = CmdSigner
+mkWebAuthnSigner :: Text -> Text -> [SigCapability] -> WebAuthnSigEncoding -> CmdSigner
+mkWebAuthnSigner pubKey privKey caps prov = CmdSigner
   { _csSigner = signer
-  , _csPrivKey = privKey }
+  , _csPrivKey = privKey
+  , _csWebAuthnEncoding = prov
+  }
   where
     signer = Signer
       { _siScheme = Just WebAuthn
       , _siPubKey = pubKey
       , _siAddress = Nothing
       , _siCapList = caps }
 
-mkWebAuthnSigner' :: SimpleKeyPair -> [SigCapability] -> CmdSigner
-mkWebAuthnSigner' (pub, priv) = mkWebAuthnSigner pub priv
+mkWebAuthnSigner' :: SimpleKeyPair -> [SigCapability] -> WebAuthnSigEncoding -> CmdSigner
+mkWebAuthnSigner' (pub, priv) caps prov = mkWebAuthnSigner pub priv caps prov
 
 -- | Chainweb-oriented command builder.
 data CmdBuilder = CmdBuilder
@@ -578,7 +589,7 @@ dieL :: MonadThrow m => [Char] -> Either [Char] a -> m a
 dieL msg = either (\s -> throwM $ userError $ msg ++ ": " ++ s) return
 
 toApiKp :: MonadThrow m => CmdSigner -> m ApiKeyPair
-toApiKp (CmdSigner Signer{..} privKey) = do
+toApiKp (CmdSigner Signer{..} privKey _webAuthnEncoding) = do
   sk <- dieL "private key" $ parseB16TextOnly privKey
   pk <- dieL "public key" $ parseB16TextOnly _siPubKey
   return $!