diff --git a/src/aleph/sdk/chains/ethereum.py b/src/aleph/sdk/chains/ethereum.py index afac5bd9..5e3ff9f6 100644 --- a/src/aleph/sdk/chains/ethereum.py +++ b/src/aleph/sdk/chains/ethereum.py @@ -54,7 +54,7 @@ def verify_signature( Verifies a signature. Args: signature: The signature to verify. Can be a hex encoded string or bytes. - public_key: The sender's public key to use for verification. Can be a checksummed, hex encoded string or bytes. + public_key: The sender's public key to use for verification. Can be a checksum, hex encoded string or bytes. message: The message to verify. Can be an utf-8 string or bytes. Raises: BadSignatureError: If the signature is invalid. @@ -75,7 +75,7 @@ def verify_signature( message_hash = encode_defunct(text=message) try: address = Account.recover_message(message_hash, signature=signature) - if address != public_key: + if address.casefold() != public_key.casefold(): raise BadSignatureError except (EthBadSignatureError, BadSignatureError) as e: raise BadSignatureError from e diff --git a/tests/unit/test_chain_ethereum.py b/tests/unit/test_chain_ethereum.py index c87fc67b..72293664 100644 --- a/tests/unit/test_chain_ethereum.py +++ b/tests/unit/test_chain_ethereum.py @@ -63,6 +63,23 @@ async def test_verify_signature(ethereum_account): message["signature"], message["sender"], get_verification_buffer(message) ) + # cover all branching options + verify_signature( + message["signature"][2:], + message["sender"], + get_verification_buffer(message), + ) + verify_signature( + bytes(message["signature"], "utf-8"), + bytes.fromhex(message["sender"][2:]), + get_verification_buffer(message).decode("utf-8"), + ) + verify_signature( + bytes(message["signature"], "utf-8")[2:], + message["sender"], + get_verification_buffer(message), + ) + @pytest.mark.asyncio async def test_verify_signature_with_forged_signature(ethereum_account): 
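Review bot: The casefolded comparison at `if address.casefold() != public_key.casefold():` makes the match case-insensitive, but it also stops rejecting a mixed-case `public_key` whose EIP-55 checksum is wrong, which the old exact comparison would have caught. If the intent is to accept lowercase or uppercase hex as well as checksummed input, normalising both sides explicitly (e.g. `eth_utils.to_checksum_address`, if that package is available to this module, mapping its exception to `BadSignatureError`) keeps a malformed checksum failing instead of being silently accepted. This also assumes `public_key` is already a hex `str` at this point when bytes are passed (the new test passes `bytes.fromhex(...)`); the bytes branch lives in the part of `verify_signature` that starts outside the hunk, so it is worth confirming `.casefold()` can never see a `bytes` value. The docstring hunk above still says nothing about the comparison being case-insensitive; a line such as `The recovered address is compared case-insensitively; checksum casing is not validated.` would document the new contract.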
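Review bot: None of the three calls added under `# cover all branching options` exercises the case-insensitive comparison that the `ethereum.py` hunk introduces: every call passes `message["sender"]` unchanged, so a lowercase (non-checksummed) sender is never verified. Adding `verify_signature(message["signature"], message["sender"].lower(), get_verification_buffer(message))` would pin the fix, assuming `account.get_address()` returns a mixed-case checksummed address (the fixture is outside the hunk). The `bytes.fromhex(message["sender"][2:])` call is the only one exercising the bytes public-key path and deserves a short comment saying so, e.g. `# bytes signature + bytes public key + str message`.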
@@ -98,3 +115,26 @@ async def test_decrypt_secp256k1(ethereum_account): decrypted = await account.decrypt(encrypted) assert type(decrypted) == bytes assert content == decrypted + + +@pytest.mark.asyncio +async def test_verify_signature_wrong_public_key(ethereum_account): + account = ethereum_account + + message = asdict( + Message( + "ETH", + account.get_address(), + "POST", + "SomeHash", + ) + ) + + await account.sign_message(message) + assert message["signature"] + + wrong_public_key: str = "0x" + "0" * 130 + with pytest.raises(BadSignatureError): + verify_signature( + message["signature"], wrong_public_key, get_verification_buffer(message) + ) diff --git a/tests/unit/test_chain_solana.py b/tests/unit/test_chain_solana.py index 1f862839..15f9e12f 100644 --- a/tests/unit/test_chain_solana.py +++ b/tests/unit/test_chain_solana.py @@ -60,6 +60,10 @@ async def test_SOLAccount(solana_account): assert verif == verification_buffer assert message["sender"] == signature["publicKey"] + pubkey = solana_account.get_public_key() + assert type(pubkey) == str + assert len(pubkey) == 64 + @pytest.mark.asyncio async def test_decrypt_curve25516(solana_account): @@ -90,6 +94,13 @@ async def test_verify_signature(solana_account): verify_signature(raw_signature, message["sender"], get_verification_buffer(message)) + # as bytes + verify_signature( + base58.b58decode(raw_signature), + base58.b58decode(message["sender"]), + get_verification_buffer(message).decode("utf-8"), + ) + @pytest.mark.asyncio async def test_verify_signature_with_forged_signature(solana_account):
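Review bot: `wrong_public_key: str = "0x" + "0" * 130` is 132 characters long, so it can never equal a recovered 42-character address and the test passes on length alone; it does not show that a well-formed but different address is rejected. A stronger negative case would use a valid address that is not the signer's, e.g. a second fixture account or a constructed literal such as `"0x" + "1" * 40` (constructed placeholder), and keep the all-zero string as a separate malformed-input case. The `: str` annotation is harmless, but the other locals in this hunk (`account`, `message`) are unannotated, so dropping it keeps the style consistent.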
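Review bot: `assert type(pubkey) == str` compares types by identity where `assert isinstance(pubkey, str)` is the idiomatic check, and the following `assert len(pubkey) == 64` pins a length without saying which encoding it reflects. If `get_public_key()` returns the key hex-encoded, `assert len(bytes.fromhex(pubkey)) == 32` documents that and also fails on non-hex content; if it is some other encoding, the `64` should carry a comment explaining it. The surrounding context shows `message["sender"]` being base58-decoded in the hunk below, so the two representations of the key differ and a one-line comment here, e.g. `# get_public_key() is the hex form; message["sender"] is base58`, would spell that out if confirmed.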
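Review bot: The new `# as bytes` call only exercises the happy path for bytes inputs; `test_verify_signature_with_forged_signature`, whose body starts outside this hunk, presumably still passes strings only, so a forged signature supplied as bytes is never shown to raise. Consider adding the bytes variant of the forged case there, or a `pytest.raises(BadSignatureError)` block here with a corrupted `base58.b58decode(raw_signature)` value. A comment such as `# sender is base58-encoded; verify_signature also accepts the decoded key bytes` would make the relationship to the str call above explicit.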