def _data_to_sign(self) -> bytes: """ Return the binary data to be/which was signed """ assert self.non_closing_signature packed = pack_reward_proof( chain_id=self.balance_proof.chain_id, token_network_address=self.balance_proof.token_network_address, reward_amount=self.reward_amount, monitoring_service_contract_address=self.monitoring_service_contract_address, non_closing_participant=self.non_closing_participant, non_closing_signature=self.non_closing_signature, ) return packed
def verify_request_monitoring(self, partner_address: Address, requesting_address: Address) -> bool: """ One should only use this method to verify integrity and signatures of a RequestMonitoring message. """ if not self.non_closing_signature: return False balance_proof_data = pack_balance_proof( nonce=self.balance_proof.nonce, balance_hash=self.balance_proof.balance_hash, additional_hash=self.balance_proof.additional_hash, canonical_identifier=CanonicalIdentifier( chain_identifier=self.balance_proof.chain_id, token_network_address=self.balance_proof.token_network_address, channel_identifier=self.balance_proof.channel_identifier, ), ) blinded_data = pack_signed_balance_proof( msg_type=MessageTypeId.BALANCE_PROOF_UPDATE, nonce=self.balance_proof.nonce, balance_hash=self.balance_proof.balance_hash, additional_hash=self.balance_proof.additional_hash, canonical_identifier=CanonicalIdentifier( chain_identifier=self.balance_proof.chain_id, token_network_address=self.balance_proof.token_network_address, channel_identifier=self.balance_proof.channel_identifier, ), partner_signature=self.balance_proof.signature, ) reward_proof_data = pack_reward_proof( chain_id=self.balance_proof.chain_id, token_network_address=self.balance_proof.token_network_address, reward_amount=self.reward_amount, monitoring_service_contract_address=self. monitoring_service_contract_address, non_closing_participant=requesting_address, non_closing_signature=self.non_closing_signature, ) reward_proof_signature = self.reward_proof_signature or EMPTY_SIGNATURE return (recover(balance_proof_data, self.balance_proof.signature) == partner_address and recover(blinded_data, self.non_closing_signature) == requesting_address and recover(reward_proof_data, reward_proof_signature) == requesting_address)
def test_request_monitoring() -> None: properties = factories.BalanceProofSignedStateProperties( pkey=PARTNER_PRIVKEY) balance_proof = factories.create(properties) partner_signed_balance_proof = SignedBlindedBalanceProof.from_balance_proof_signed_state( balance_proof) request_monitoring = RequestMonitoring( balance_proof=partner_signed_balance_proof, non_closing_participant=ADDRESS, reward_amount=TokenAmount(55), signature=EMPTY_SIGNATURE, monitoring_service_contract_address=MSC_ADDRESS, ) assert request_monitoring request_monitoring.sign(signer) as_dict = DictSerializer.serialize(request_monitoring) assert DictSerializer.deserialize(as_dict) == request_monitoring # RequestMonitoring can be created directly from BalanceProofSignedState direct_created = RequestMonitoring.from_balance_proof_signed_state( balance_proof=balance_proof, non_closing_participant=ADDRESS, reward_amount=TokenAmount(55), monitoring_service_contract_address=MSC_ADDRESS, ) # `direct_created` is not signed while request_monitoring is assert DictSerializer().serialize( direct_created) != DictSerializer().serialize(request_monitoring) direct_created.sign(signer) # Instances created from same balance proof are equal assert direct_created == request_monitoring other_balance_proof = factories.create( factories.replace(properties, message_hash=keccak(b"2"))) other_instance = RequestMonitoring.from_balance_proof_signed_state( balance_proof=other_balance_proof, non_closing_participant=ADDRESS, reward_amount=TokenAmount(55), monitoring_service_contract_address=MSC_ADDRESS, ) other_instance.sign(signer) # different balance proof ==> non-equality assert other_instance != request_monitoring # test signature verification assert request_monitoring.non_closing_signature reward_proof_data = pack_reward_proof( token_network_address=request_monitoring.balance_proof. token_network_address, chain_id=request_monitoring.balance_proof.chain_id, reward_amount=request_monitoring.reward_amount, monitoring_service_contract_address=MSC_ADDRESS, non_closing_participant=ADDRESS, non_closing_signature=request_monitoring.non_closing_signature, ) assert request_monitoring.reward_proof_signature assert recover(reward_proof_data, request_monitoring.reward_proof_signature) == ADDRESS blinded_data = pack_signed_balance_proof( msg_type=MessageTypeId.BALANCE_PROOF_UPDATE, nonce=request_monitoring.balance_proof.nonce, balance_hash=request_monitoring.balance_proof.balance_hash, additional_hash=request_monitoring.balance_proof.additional_hash, canonical_identifier=factories.make_canonical_identifier( chain_identifier=request_monitoring.balance_proof.chain_id, token_network_address=request_monitoring.balance_proof. token_network_address, channel_identifier=request_monitoring.balance_proof. channel_identifier, ), partner_signature=request_monitoring.balance_proof.signature, ) assert recover(blinded_data, request_monitoring.non_closing_signature) == ADDRESS balance_proof_data = pack_balance_proof( nonce=request_monitoring.balance_proof.nonce, balance_hash=request_monitoring.balance_proof.balance_hash, additional_hash=request_monitoring.balance_proof.additional_hash, canonical_identifier=factories.make_canonical_identifier( chain_identifier=request_monitoring.balance_proof.chain_id, token_network_address=request_monitoring.balance_proof. token_network_address, channel_identifier=request_monitoring.balance_proof. channel_identifier, ), ) assert (recover( balance_proof_data, request_monitoring.balance_proof.signature) == PARTNER_ADDRESS) assert request_monitoring.verify_request_monitoring( PARTNER_ADDRESS, ADDRESS)
def test_tamper_request_monitoring(): """ This test shows ways, how the current implementation of the RequestMonitoring's signature scheme might be used by an attacker to tamper with the BalanceProof that is incorporated in the RequestMonitoring message, if not all three signatures are verified.""" msc_address = bytes([1] * 20) properties = factories.BalanceProofSignedStateProperties( pkey=PARTNER_PRIVKEY) balance_proof = factories.create(properties) partner_signed_balance_proof = SignedBlindedBalanceProof.from_balance_proof_signed_state( balance_proof) request_monitoring = RequestMonitoring( balance_proof=partner_signed_balance_proof, reward_amount=55, signature=EMPTY_SIGNATURE, monitoring_service_contract_address=msc_address, non_closing_participant=ADDRESS, ) request_monitoring.sign(signer) # This is the signature, that is supposed to authenticate the message that a monitoring # service receives from a node. Note: It is generated on a valid Balance proof here and reused # to authenticate invalid messages throughout the rest of the test. exploited_signature = request_monitoring.reward_proof_signature reward_proof_data = pack_reward_proof( chain_id=request_monitoring.balance_proof.chain_id, token_network_address=request_monitoring.balance_proof. token_network_address, reward_amount=request_monitoring.reward_amount, monitoring_service_contract_address=msc_address, non_closing_participant=ADDRESS, non_closing_signature=request_monitoring.non_closing_signature, ) # An attacker might change the balance hash partner_signed_balance_proof.balance_hash = "tampered".encode() tampered_balance_hash_request_monitoring = RequestMonitoring( balance_proof=partner_signed_balance_proof, reward_amount=55, non_closing_participant=ADDRESS, signature=EMPTY_SIGNATURE, monitoring_service_contract_address=MSC_ADDRESS, ) tampered_bp = tampered_balance_hash_request_monitoring.balance_proof tampered_balance_hash_reward_proof_data = pack_reward_proof( chain_id=tampered_bp.chain_id, token_network_address=request_monitoring.balance_proof. token_network_address, reward_amount=tampered_balance_hash_request_monitoring.reward_amount, monitoring_service_contract_address=msc_address, non_closing_participant=ADDRESS, non_closing_signature=request_monitoring.non_closing_signature, ) # The signature works/is unaffected by that change... recovered_address_tampered = recover( tampered_balance_hash_reward_proof_data, exploited_signature) assert recover(reward_proof_data, exploited_signature) == recovered_address_tampered assert recover(tampered_balance_hash_reward_proof_data, exploited_signature) == ADDRESS # ...but overall verification fails assert not tampered_balance_hash_request_monitoring.verify_request_monitoring( PARTNER_ADDRESS, ADDRESS) # An attacker might change the additional_hash partner_signed_balance_proof.additional_hash = "tampered".encode() tampered_additional_hash_request_monitoring = RequestMonitoring( balance_proof=partner_signed_balance_proof, reward_amount=55, signature=EMPTY_SIGNATURE, monitoring_service_contract_address=MSC_ADDRESS, non_closing_participant=ADDRESS, ) tampered_bp = tampered_additional_hash_request_monitoring.balance_proof tampered_additional_hash_reward_proof_data = pack_reward_proof( chain_id=tampered_bp.chain_id, token_network_address=(tampered_additional_hash_request_monitoring. balance_proof.token_network_address), reward_amount=tampered_additional_hash_request_monitoring. reward_amount, monitoring_service_contract_address=msc_address, non_closing_participant=ADDRESS, non_closing_signature=request_monitoring.non_closing_signature, ) # The signature works/is unaffected by that change... recovered_address_tampered = recover( tampered_additional_hash_reward_proof_data, exploited_signature) assert recover(reward_proof_data, exploited_signature) == recovered_address_tampered assert recovered_address_tampered == ADDRESS # ...but overall verification fails assert not tampered_balance_hash_request_monitoring.verify_request_monitoring( PARTNER_ADDRESS, ADDRESS) # An attacker can change the non_closing_signature partner_signed_balance_proof.non_closing_signature = "tampered".encode() tampered_non_closing_signature_request_monitoring = RequestMonitoring( balance_proof=partner_signed_balance_proof, reward_amount=55, signature=EMPTY_SIGNATURE, monitoring_service_contract_address=MSC_ADDRESS, non_closing_participant=ADDRESS, ) tampered_bp = tampered_non_closing_signature_request_monitoring.balance_proof tampered_non_closing_signature_reward_proof_data = pack_reward_proof( chain_id=tampered_bp.chain_id, token_network_address=( tampered_non_closing_signature_request_monitoring.balance_proof. token_network_address), reward_amount=tampered_non_closing_signature_request_monitoring. reward_amount, monitoring_service_contract_address=msc_address, non_closing_participant=ADDRESS, non_closing_signature=request_monitoring.non_closing_signature, ) # The signature works/is unaffected by that change... recovered_address_tampered = recover( tampered_non_closing_signature_reward_proof_data, exploited_signature) assert recover(reward_proof_data, exploited_signature) == recovered_address_tampered assert recovered_address_tampered == ADDRESS # ...but overall verification fails assert not tampered_non_closing_signature_request_monitoring.verify_request_monitoring( PARTNER_ADDRESS, ADDRESS)