Transpile 7bce2b72

test/utils/cryptography/ECDSA.test.js

@@ -0,0 +1,222 @@
+const { expectRevert } = require('@openzeppelin/test-helpers');
+const { toEthSignedMessageHash } = require('../../helpers/sign');
+
+const { expect } = require('chai');
+
+const ECDSAMock = artifacts.require('ECDSAMock');
+
+const TEST_MESSAGE = web3.utils.sha3('OpenZeppelin');
+const WRONG_MESSAGE = web3.utils.sha3('Nope');
+const NON_HASH_MESSAGE = '0x' + Buffer.from('abcd').toString('hex');
+
+function to2098Format (signature) {
+  const long = web3.utils.hexToBytes(signature);
+  if (long.length !== 65) {
+    throw new Error('invalid signature length (expected long format)');
+  }
+  if (long[32] >> 7 === 1) {
+    throw new Error('invalid signature \'s\' value');
+  }
+  const short = long.slice(0, 64);
+  short[32] |= (long[64] % 27) << 7; // set the first bit of the 32nd byte to the v parity bit
+  return web3.utils.bytesToHex(short);
+}
+
+function from2098Format (signature) {
+  const short = web3.utils.hexToBytes(signature);
+  if (short.length !== 64) {
+    throw new Error('invalid signature length (expected short format)');
+  }
+  short.push((short[32] >> 7) + 27);
+  short[32] &= (1 << 7) - 1; // zero out the first bit of 1 the 32nd byte
+  return web3.utils.bytesToHex(short);
+}
+
+function split (signature) {
+  const raw = web3.utils.hexToBytes(signature);
+  switch (raw.length) {
+  case 64:
+    return [
+      web3.utils.bytesToHex(raw.slice(0, 32)), // r
+      web3.utils.bytesToHex(raw.slice(32, 64)), // vs
+    ];
+  case 65:
+    return [
+      raw[64], // v
+      web3.utils.bytesToHex(raw.slice(0, 32)), // r
+      web3.utils.bytesToHex(raw.slice(32, 64)), // s
+    ];
+  default:
+    expect.fail('Invalid siganture length, cannot split');
+  }
+}
+
+contract('ECDSA', function (accounts) {
+  const [ other ] = accounts;
+
+  beforeEach(async function () {
+    this.ecdsa = await ECDSAMock.new();
+  });
+
+  context('recover with invalid signature', function () {
+    it('with short signature', async function () {
+      await expectRevert(this.ecdsa.recover(TEST_MESSAGE, '0x1234'), 'ECDSA: invalid signature length');
+    });
+
+    it('with long signature', async function () {
+      await expectRevert(
+        // eslint-disable-next-line max-len
+        this.ecdsa.recover(TEST_MESSAGE, '0x01234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789'),
+        'ECDSA: invalid signature length',
+      );
+    });
+  });
+
+  context('recover with valid signature', function () {
+    context('using web3.eth.sign', function () {
+      it('returns signer address with correct signature', async function () {
+        // Create the signature
+        const signature = await web3.eth.sign(TEST_MESSAGE, other);
+
+        // Recover the signer address from the generated message and signature.
+        expect(await this.ecdsa.recover(
+          toEthSignedMessageHash(TEST_MESSAGE),
+          signature,
+        )).to.equal(other);
+      });
+
+      it('returns signer address with correct signature for arbitrary length message', async function () {
+        // Create the signature
+        const signature = await web3.eth.sign(NON_HASH_MESSAGE, other);
+
+        // Recover the signer address from the generated message and signature.
+        expect(await this.ecdsa.recover(
+          toEthSignedMessageHash(NON_HASH_MESSAGE),
+          signature,
+        )).to.equal(other);
+      });
+
+      it('returns a different address', async function () {
+        const signature = await web3.eth.sign(TEST_MESSAGE, other);
+        expect(await this.ecdsa.recover(WRONG_MESSAGE, signature)).to.not.equal(other);
+      });
+
+      it('reverts with invalid signature', async function () {
+        // eslint-disable-next-line max-len
+        const signature = '0x332ce75a821c982f9127538858900d87d3ec1f9f737338ad67cad133fa48feff48e6fa0c18abc62e42820f05943e47af3e9fbe306ce74d64094bdf1691ee53e01c';
+        await expectRevert(this.ecdsa.recover(TEST_MESSAGE, signature), 'ECDSA: invalid signature');
+      });
+    });
+
+    context('with v0 signature', function () {
+      // Signature generated outside ganache with method web3.eth.sign(signer, message)
+      const signer = '0x2cc1166f6212628A0deEf2B33BEFB2187D35b86c';
+      // eslint-disable-next-line max-len
+      const signatureWithoutVersion = '0x5d99b6f7f6d1f73d1a26497f2b1c89b24c0993913f86e9a2d02cd69887d9c94f3c880358579d811b21dd1b7fd9bb01c1d81d10e69f0384e675c32b39643be892';
+
+      it('reverts with 00 as version value', async function () {
+        const version = '00';
+        const signature = signatureWithoutVersion + version;
+        await expectRevert(this.ecdsa.recover(TEST_MESSAGE, signature), 'ECDSA: invalid signature \'v\' value');
+        await expectRevert(
+          this.ecdsa.recover_v_r_s(TEST_MESSAGE, ...split(signature)),
+          'ECDSA: invalid signature \'v\' value',
+        );
+      });
+
+      it('works with 27 as version value', async function () {
+        const version = '1b'; // 27 = 1b.
+        const signature = signatureWithoutVersion + version;
+        expect(await this.ecdsa.recover(TEST_MESSAGE, signature)).to.equal(signer);
+        expect(await this.ecdsa.recover_v_r_s(TEST_MESSAGE, ...split(signature))).to.equal(signer);
+        expect(await this.ecdsa.recover_r_vs(TEST_MESSAGE, ...split(to2098Format(signature)))).to.equal(signer);
+      });
+
+      it('reverts with wrong version', async function () {
+        // The last two hex digits are the signature version.
+        // The only valid values are 0, 1, 27 and 28.
+        const version = '02';
+        const signature = signatureWithoutVersion + version;
+        await expectRevert(this.ecdsa.recover(TEST_MESSAGE, signature), 'ECDSA: invalid signature \'v\' value');
+        await expectRevert(
+          this.ecdsa.recover_v_r_s(TEST_MESSAGE, ...split(signature)),
+          'ECDSA: invalid signature \'v\' value',
+        );
+      });
+
+      it('works with short EIP2098 format', async function () {
+        const version = '1b'; // 27 = 1b.
+        const signature = signatureWithoutVersion + version;
+        expect(await this.ecdsa.recover(TEST_MESSAGE, to2098Format(signature))).to.equal(signer);
+        expect(await this.ecdsa.recover(TEST_MESSAGE, from2098Format(to2098Format(signature)))).to.equal(signer);
+      });
+    });
+
+    context('with v1 signature', function () {
+      const signer = '0x1E318623aB09Fe6de3C9b8672098464Aeda9100E';
+      // eslint-disable-next-line max-len
+      const signatureWithoutVersion = '0x331fe75a821c982f9127538858900d87d3ec1f9f737338ad67cad133fa48feff48e6fa0c18abc62e42820f05943e47af3e9fbe306ce74d64094bdf1691ee53e0';
+
+      it('reverts with 01 as version value', async function () {
+        const version = '01';
+        const signature = signatureWithoutVersion + version;
+        await expectRevert(this.ecdsa.recover(TEST_MESSAGE, signature), 'ECDSA: invalid signature \'v\' value');
+        await expectRevert(
+          this.ecdsa.recover_v_r_s(TEST_MESSAGE, ...split(signature)),
+          'ECDSA: invalid signature \'v\' value',
+        );
+      });
+
+      it('works with 28 as version value', async function () {
+        const version = '1c'; // 28 = 1c.
+        const signature = signatureWithoutVersion + version;
+        expect(await this.ecdsa.recover(TEST_MESSAGE, signature)).to.equal(signer);
+        expect(await this.ecdsa.recover_v_r_s(TEST_MESSAGE, ...split(signature))).to.equal(signer);
+        expect(await this.ecdsa.recover_r_vs(TEST_MESSAGE, ...split(to2098Format(signature)))).to.equal(signer);
+      });
+
+      it('reverts with wrong version', async function () {
+        // The last two hex digits are the signature version.
+        // The only valid values are 0, 1, 27 and 28.
+        const version = '02';
+        const signature = signatureWithoutVersion + version;
+        await expectRevert(this.ecdsa.recover(TEST_MESSAGE, signature), 'ECDSA: invalid signature \'v\' value');
+        await expectRevert(
+          this.ecdsa.recover_v_r_s(TEST_MESSAGE, ...split(signature)),
+          'ECDSA: invalid signature \'v\' value',
+        );
+      });
+
+      it('works with short EIP2098 format', async function () {
+        const version = '1c'; // 27 = 1b.
+        const signature = signatureWithoutVersion + version;
+        expect(await this.ecdsa.recover(TEST_MESSAGE, to2098Format(signature))).to.equal(signer);
+        expect(await this.ecdsa.recover(TEST_MESSAGE, from2098Format(to2098Format(signature)))).to.equal(signer);
+      });
+    });
+
+    it('reverts with high-s value signature', async function () {
+      const message = '0xb94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9';
+      // eslint-disable-next-line max-len
+      const highSSignature = '0xe742ff452d41413616a5bf43fe15dd88294e983d3d36206c2712f39083d638bde0a0fc89be718fbc1033e1d30d78be1c68081562ed2e97af876f286f3453231d1b';
+      await expectRevert(this.ecdsa.recover(message, highSSignature), 'ECDSA: invalid signature \'s\' value');
+      await expectRevert(
+        this.ecdsa.recover_v_r_s(TEST_MESSAGE, ...split(highSSignature)),
+        'ECDSA: invalid signature \'s\' value',
+      );
+      expect(() => to2098Format(highSSignature)).to.throw('invalid signature \'s\' value');
+    });
+  });
+
+  context('toEthSignedMessageHash', function () {
+    it('prefixes bytes32 data correctly', async function () {
+      expect(await this.ecdsa.methods['toEthSignedMessageHash(bytes32)'](TEST_MESSAGE))
+        .to.equal(toEthSignedMessageHash(TEST_MESSAGE));
+    });
+
+    it('prefixes dynamic length data correctly', async function () {
+      expect(await this.ecdsa.methods['toEthSignedMessageHash(bytes)'](NON_HASH_MESSAGE))
+        .to.equal(toEthSignedMessageHash(NON_HASH_MESSAGE));
+    });
+  });
+});

test/utils/cryptography/MerkleProof.test.js

@@ -0,0 +1,59 @@
+require('@openzeppelin/test-helpers');
+
+const { MerkleTree } = require('merkletreejs');
+const keccak256 = require('keccak256');
+
+const { expect } = require('chai');
+
+const MerkleProofWrapper = artifacts.require('MerkleProofWrapper');
+
+contract('MerkleProof', function (accounts) {
+  beforeEach(async function () {
+    this.merkleProof = await MerkleProofWrapper.new();
+  });
+
+  describe('verify', function () {
+    it('returns true for a valid Merkle proof', async function () {
+      const elements = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='.split('');
+      const merkleTree = new MerkleTree(elements, keccak256, { hashLeaves: true, sortPairs: true });
+
+      const root = merkleTree.getHexRoot();
+
+      const leaf = keccak256(elements[0]);
+
+      const proof = merkleTree.getHexProof(leaf);
+
+      expect(await this.merkleProof.verify(proof, root, leaf)).to.equal(true);
+    });
+
+    it('returns false for an invalid Merkle proof', async function () {
+      const correctElements = ['a', 'b', 'c'];
+      const correctMerkleTree = new MerkleTree(correctElements, keccak256, { hashLeaves: true, sortPairs: true });
+
+      const correctRoot = correctMerkleTree.getHexRoot();
+
+      const correctLeaf = keccak256(correctElements[0]);
+
+      const badElements = ['d', 'e', 'f'];
+      const badMerkleTree = new MerkleTree(badElements);
+
+      const badProof = badMerkleTree.getHexProof(badElements[0]);
+
+      expect(await this.merkleProof.verify(badProof, correctRoot, correctLeaf)).to.equal(false);
+    });
+
+    it('returns false for a Merkle proof of invalid length', async function () {
+      const elements = ['a', 'b', 'c'];
+      const merkleTree = new MerkleTree(elements, keccak256, { hashLeaves: true, sortPairs: true });
+
+      const root = merkleTree.getHexRoot();
+
+      const leaf = keccak256(elements[0]);
+
+      const proof = merkleTree.getHexProof(leaf);
+      const badProof = proof.slice(0, proof.length - 5);
+
+      expect(await this.merkleProof.verify(badProof, root, leaf)).to.equal(false);
+    });
+  });
+});

test/utils/cryptography/SignatureChecker.test.js

@@ -0,0 +1,71 @@
+const { toEthSignedMessageHash } = require('../../helpers/sign');
+
+const { expect } = require('chai');
+
+const SignatureCheckerMock = artifacts.require('SignatureCheckerMock');
+const ERC1271WalletMock = artifacts.require('ERC1271WalletMock');
+
+const TEST_MESSAGE = web3.utils.sha3('OpenZeppelin');
+const WRONG_MESSAGE = web3.utils.sha3('Nope');
+
+contract('SignatureChecker (ERC1271)', function (accounts) {
+  const [signer, other] = accounts;
+
+  before('deploying', async function () {
+    this.signaturechecker = await SignatureCheckerMock.new();
+    this.wallet = await ERC1271WalletMock.new(signer);
+    this.signature = await web3.eth.sign(TEST_MESSAGE, signer);
+  });
+
+  context('EOA account', function () {
+    it('with matching signer and signature', async function () {
+      expect(await this.signaturechecker.isValidSignatureNow(
+        signer,
+        toEthSignedMessageHash(TEST_MESSAGE),
+        this.signature,
+      )).to.equal(true);
+    });
+
+    it('with invalid signer', async function () {
+      expect(await this.signaturechecker.isValidSignatureNow(
+        other,
+        toEthSignedMessageHash(TEST_MESSAGE),
+        this.signature,
+      )).to.equal(false);
+    });
+
+    it('with invalid signature', async function () {
+      expect(await this.signaturechecker.isValidSignatureNow(
+        signer,
+        toEthSignedMessageHash(WRONG_MESSAGE),
+        this.signature,
+      )).to.equal(false);
+    });
+  });
+
+  context('ERC1271 wallet', function () {
+    it('with matching signer and signature', async function () {
+      expect(await this.signaturechecker.isValidSignatureNow(
+        this.wallet.address,
+        toEthSignedMessageHash(TEST_MESSAGE),
+        this.signature,
+      )).to.equal(true);
+    });
+
+    it('with invalid signer', async function () {
+      expect(await this.signaturechecker.isValidSignatureNow(
+        this.signaturechecker.address,
+        toEthSignedMessageHash(TEST_MESSAGE),
+        this.signature,
+      )).to.equal(false);
+    });
+
+    it('with invalid signature', async function () {
+      expect(await this.signaturechecker.isValidSignatureNow(
+        this.wallet.address,
+        toEthSignedMessageHash(WRONG_MESSAGE),
+        this.signature,
+      )).to.equal(false);
+    });
+  });
+});

test/utils/cryptography/draft-EIP712.test.js

@@ -0,0 +1,57 @@
+const ethSigUtil = require('eth-sig-util');
+const Wallet = require('ethereumjs-wallet').default;
+
+const { EIP712Domain, domainSeparator } = require('../../helpers/eip712');
+
+const EIP712 = artifacts.require('EIP712External');
+
+contract('EIP712', function (accounts) {
+  const [mailTo] = accounts;
+
+  const name = 'A Name';
+  const version = '1';
+
+  beforeEach('deploying', async function () {
+    this.eip712 = await EIP712.new(name, version);
+
+    // We get the chain id from the contract because Ganache (used for coverage) does not return the same chain id
+    // from within the EVM as from the JSON RPC interface.
+    // See https://github.com/trufflesuite/ganache-core/issues/515
+    this.chainId = await this.eip712.getChainId();
+  });
+
+  it('domain separator', async function () {
+    expect(
+      await this.eip712.domainSeparator(),
+    ).to.equal(
+      await domainSeparator(name, version, this.chainId, this.eip712.address),
+    );
+  });
+
+  it('digest', async function () {
+    const chainId = this.chainId;
+    const verifyingContract = this.eip712.address;
+    const message = {
+      to: mailTo,
+      contents: 'very interesting',
+    };
+
+    const data = {
+      types: {
+        EIP712Domain,
+        Mail: [
+          { name: 'to', type: 'address' },
+          { name: 'contents', type: 'string' },
+        ],
+      },
+      domain: { name, version, chainId, verifyingContract },
+      primaryType: 'Mail',
+      message,
+    };
+
+    const wallet = Wallet.generate();
+    const signature = ethSigUtil.signTypedMessage(wallet.getPrivateKey(), { data });
+
+    await this.eip712.verify(signature, wallet.getAddressString(), message.to, message.contents);
+  });
+});