Fix RLP decoding and structure, secp256k1 verification (#17)

Author: vorot93

src/builder.rs

@@ -12,6 +12,7 @@ pub struct EnrBuilder<K: EnrKey> {
     seq: u64,
 
     /// The key-value pairs for the ENR record.
+    /// Values are stored as RLP encoded bytes.
     content: BTreeMap<Key, Vec<u8>>,
 
     /// Pins the generic key types.
@@ -38,19 +39,24 @@ impl<K: EnrKey> EnrBuilder<K> {
     }
 
     /// Adds an arbitrary key-value to the `ENRBuilder`.
-    pub fn add_value(&mut self, key: impl AsRef<[u8]>, value: Vec<u8>) -> &mut Self {
-        self.content.insert(key.as_ref().to_vec(), value);
+    pub fn add_value(&mut self, key: impl AsRef<[u8]>, value: &[u8]) -> &mut Self {
+        self.add_value_rlp(key, rlp::encode(&value))
+    }
+
+    /// Adds an arbitrary key-value where the value is raw RLP encoded bytes.
+    pub fn add_value_rlp(&mut self, key: impl AsRef<[u8]>, rlp: Vec<u8>) -> &mut Self {
+        self.content.insert(key.as_ref().to_vec(), rlp);
         self
     }
 
     /// Adds an `ip` field to the `ENRBuilder`.
     pub fn ip(&mut self, ip: IpAddr) -> &mut Self {
         match ip {
             IpAddr::V4(addr) => {
-                self.content.insert(b"ip".to_vec(), addr.octets().to_vec());
+                self.add_value("ip", &addr.octets());
             }
             IpAddr::V6(addr) => {
-                self.content.insert(b"ip6".to_vec(), addr.octets().to_vec());
+                self.add_value("ip6", &addr.octets());
             }
         }
         self
@@ -62,36 +68,32 @@ impl<K: EnrKey> EnrBuilder<K> {
 
     /// Adds an `Id` field to the `ENRBuilder`.
     pub fn id(&mut self, id: &str) -> &mut Self {
-        self.content.insert("id".into(), id.as_bytes().to_vec());
+        self.add_value("id", &id.as_bytes());
         self
     }
     */
 
     /// Adds a `tcp` field to the `ENRBuilder`.
     pub fn tcp(&mut self, tcp: u16) -> &mut Self {
-        self.content
-            .insert("tcp".into(), tcp.to_be_bytes().to_vec());
+        self.add_value("tcp", &tcp.to_be_bytes());
         self
     }
 
     /// Adds a `tcp6` field to the `ENRBuilder`.
     pub fn tcp6(&mut self, tcp: u16) -> &mut Self {
-        self.content
-            .insert("tcp6".into(), tcp.to_be_bytes().to_vec());
+        self.add_value("tcp6", &tcp.to_be_bytes());
         self
     }
 
     /// Adds a `udp` field to the `ENRBuilder`.
     pub fn udp(&mut self, udp: u16) -> &mut Self {
-        self.content
-            .insert("udp".into(), udp.to_be_bytes().to_vec());
+        self.add_value("udp", &udp.to_be_bytes());
         self
     }
 
     /// Adds a `udp6` field to the `ENRBuilder`.
     pub fn udp6(&mut self, udp: u16) -> &mut Self {
-        self.content
-            .insert("udp6".into(), udp.to_be_bytes().to_vec());
+        self.add_value("udp6", &udp.to_be_bytes());
         self
     }
 
@@ -102,7 +104,8 @@ impl<K: EnrKey> EnrBuilder<K> {
         stream.append(&self.seq);
         for (k, v) in &self.content {
             stream.append(k);
-            stream.append(v);
+            // The values are stored as raw RLP encoded bytes
+            stream.append_raw(v, 1);
         }
         stream.drain()
     }
@@ -120,7 +123,7 @@ impl<K: EnrKey> EnrBuilder<K> {
 
     /// Adds a public key to the ENR builder.
     fn add_public_key(&mut self, key: &K::PublicKey) {
-        self.add_value(key.enr_key(), key.encode());
+        self.add_value(key.enr_key(), &key.encode());
     }
 
     /// Constructs an ENR from the `EnrBuilder`.
@@ -133,8 +136,17 @@ impl<K: EnrKey> EnrBuilder<K> {
             return Err(EnrError::UnsupportedIdentityScheme);
         }
 
-        self.content
-            .insert("id".into(), self.id.as_bytes().to_vec());
+        // Sanitize all data, ensuring all RLP data is correctly formatted.
+        for (key, value) in &self.content {
+            if rlp::Rlp::new(value).data().is_err() {
+                return Err(EnrError::InvalidRLPData(
+                    String::from_utf8_lossy(key).into(),
+                ));
+            }
+        }
+
+        let id_bytes = &self.id.as_bytes().to_vec();
+        self.add_value("id", id_bytes);
 
         self.add_public_key(&key.public());
         let rlp_content = self.rlp_content();

src/keys/ed25519.rs

@@ -30,6 +30,10 @@ impl EnrKey for ed25519::Keypair {
         let pubkey_bytes = content
             .get(ENR_KEY.as_bytes())
             .ok_or_else(|| DecoderError::Custom("Unknown signature"))?;
+
+        // Decode the RLP
+        let pubkey_bytes = rlp::Rlp::new(pubkey_bytes).data()?;
+
         ed25519::PublicKey::from_bytes(pubkey_bytes)
             .map_err(|_| DecoderError::Custom("Invalid ed25519 Signature"))
     }

src/keys/k256.rs

@@ -39,6 +39,9 @@ impl EnrKey for SigningKey {
             .get(ENR_KEY.as_bytes())
             .ok_or_else(|| DecoderError::Custom("Unknown signature"))?;
 
+        // Decode the RLP
+        let pubkey_bytes = rlp::Rlp::new(pubkey_bytes).data()?;
+
         // should be encoded in compressed form, i.e 33 byte raw secp256k1 public key
         Ok(VerifyKey::new(pubkey_bytes)
             .map_err(|_| DecoderError::Custom("Invalid Secp256k1 Signature"))?)

src/keys/libsecp256k1.rs

@@ -35,6 +35,10 @@ impl EnrKey for secp256k1::SecretKey {
         let pubkey_bytes = content
             .get(ENR_KEY.as_bytes())
             .ok_or_else(|| DecoderError::Custom("Unknown signature"))?;
+
+        // Decode the RLP
+        let pubkey_bytes = rlp::Rlp::new(pubkey_bytes).data()?;
+
         // should be encoded in compressed form, i.e 33 byte raw secp256k1 public key
         secp256k1::PublicKey::parse_slice(
             pubkey_bytes,
@@ -48,11 +52,12 @@ impl EnrPublicKey for secp256k1::PublicKey {
     /// Verify a raw message, given a public key for the v4 identity scheme.
     fn verify_v4(&self, msg: &[u8], sig: &[u8]) -> bool {
         let msg = digest(msg);
-        secp256k1::Signature::parse_slice(sig)
-            .and_then(|sig| {
-                secp256k1::Message::parse_slice(&msg).map(|m| secp256k1::verify(&m, &sig, self))
-            })
-            .is_ok()
+        if let Ok(sig) = secp256k1::Signature::parse_slice(sig) {
+            if let Ok(msg) = secp256k1::Message::parse_slice(&msg) {
+                return secp256k1::verify(&msg, &sig, self);
+            }
+        }
+        false
     }
 
     /// Encodes the public key into compressed form, if possible.

src/keys/rust_secp256k1.rs

@@ -31,6 +31,8 @@ impl EnrKey for c_secp256k1::SecretKey {
             .get(ENR_KEY.as_bytes())
             .ok_or_else(|| DecoderError::Custom("Unknown signature"))?;
         // should be encoded in compressed form, i.e 33 byte raw secp256k1 public key
+        // Decode the RLP
+        let pubkey_bytes = rlp::Rlp::new(pubkey_bytes).data()?;
         c_secp256k1::PublicKey::from_slice(pubkey_bytes)
             .map_err(|_| DecoderError::Custom("Invalid Secp256k1 Signature"))
     }
@@ -39,12 +41,14 @@ impl EnrKey for c_secp256k1::SecretKey {
 impl EnrPublicKey for c_secp256k1::PublicKey {
     fn verify_v4(&self, msg: &[u8], sig: &[u8]) -> bool {
         let msg = digest(msg);
-        c_secp256k1::Signature::from_compact(sig)
-            .and_then(|sig| {
-                c_secp256k1::Message::from_slice(&msg)
-                    .map(|m| c_secp256k1::Secp256k1::new().verify(&m, &sig, self))
-            })
-            .is_ok()
+        if let Ok(sig) = c_secp256k1::Signature::from_compact(sig) {
+            if let Ok(msg) = c_secp256k1::Message::from_slice(&msg) {
+                return c_secp256k1::Secp256k1::new()
+                    .verify(&msg, &sig, self)
+                    .is_ok();
+            }
+        }
+        false
     }
 
     fn encode(&self) -> Vec<u8> {