Paych actor: Drop account req, use AuthenticateMessage to verify sigs

Author: arajasek

actors/paych/src/ext.rs

@@ -0,0 +1,16 @@
+use fvm_ipld_encoding::serde_bytes;
+use fvm_ipld_encoding::tuple::*;
+
+pub mod account {
+    use super::*;
+
+    pub const AUTHENTICATE_MESSAGE_METHOD: u64 = 3;
+
+    #[derive(Serialize_tuple, Deserialize_tuple)]
+    pub struct AuthenticateMessageParams {
+        #[serde(with = "serde_bytes")]
+        pub signature: Vec<u8>,
+        #[serde(with = "serde_bytes")]
+        pub message: Vec<u8>,
+    }
+}

actors/paych/src/lib.rs

@@ -4,7 +4,7 @@
 use fil_actors_runtime::runtime::builtins::Type;
 use fil_actors_runtime::runtime::{ActorCode, Runtime};
 use fil_actors_runtime::{
-    actor_error, cbor, resolve_to_actor_id, restrict_internal_api, ActorDowncast, ActorError, Array,
+    actor_error, cbor, restrict_internal_api, ActorDowncast, ActorError, Array, AsActorError,
 };
 use fvm_ipld_blockstore::Blockstore;
 use fvm_ipld_encoding::RawBytes;
@@ -22,6 +22,7 @@ pub use self::types::*;
 #[cfg(feature = "fil-actor")]
 fil_actors_runtime::wasm_trampoline!(Actor);
 
+pub mod ext;
 mod state;
 pub mod testing;
 mod types;
@@ -42,17 +43,25 @@ pub const ERR_CHANNEL_STATE_UPDATE_AFTER_SETTLED: ExitCode = ExitCode::new(32);
 
 /// Payment Channel actor
 pub struct Actor;
+
 impl Actor {
     /// Constructor for Payment channel actor
     pub fn constructor(rt: &mut impl Runtime, params: ConstructorParams) -> Result<(), ActorError> {
         // Only InitActor can create a payment channel actor. It creates the actor on
         // behalf of the payer/payee.
         rt.validate_immediate_caller_type(std::iter::once(&Type::Init))?;
 
-        // Check both parties are capable of signing vouchers
-        let to = Self::resolve_account(rt, &params.to)?;
+        // Resolve both parties if necessary.
+        // Note that this does NOT guarantee that the parties exist in state yet.
+        let to =
+            rt.resolve_address(&params.to).with_context_code(ExitCode::USR_NOT_FOUND, || {
+                format!("to address not found {}", params.to)
+            })?;
 
-        let from = Self::resolve_account(rt, &params.from)?;
+        let from =
+            rt.resolve_address(&params.from).with_context_code(ExitCode::USR_NOT_FOUND, || {
+                format!("to address not found {}", params.to)
+            })?;
 
         let empty_arr_cid =
             Array::<(), _>::new_with_bit_width(rt.store(), LANE_STATES_AMT_BITWIDTH)
@@ -65,28 +74,6 @@ impl Actor {
         Ok(())
     }
 
-    /// Resolves an address to a canonical ID address and requires it to address an account actor.
-    fn resolve_account(rt: &mut impl Runtime, raw: &Address) -> Result<Address, ActorError> {
-        let resolved = resolve_to_actor_id(rt, raw)?;
-
-        let code_cid = rt
-            .get_actor_code_cid(&resolved)
-            .ok_or_else(|| actor_error!(illegal_argument, "no code for address {}", resolved))?;
-
-        let typ = rt.resolve_builtin_actor_type(&code_cid);
-        if typ != Some(Type::Account) {
-            Err(actor_error!(
-                forbidden,
-                "actor {} must be an account, was {} ({:?})",
-                raw,
-                code_cid,
-                typ
-            ))
-        } else {
-            Ok(Address::new_id(resolved))
-        }
-    }
-
     pub fn update_channel_state(
         rt: &mut impl Runtime,
         params: UpdateChannelStateParams,
@@ -98,10 +85,11 @@ impl Actor {
         let sv = params.sv;
 
         // Pull signature from signed voucher
-        let sig = sv
+        let sig = &sv
             .signature
             .as_ref()
-            .ok_or_else(|| actor_error!(illegal_argument, "voucher has no signature"))?;
+            .ok_or_else(|| actor_error!(illegal_argument, "voucher has no signature"))?
+            .bytes;
 
         if st.settling_at != 0 && rt.curr_epoch() >= st.settling_at {
             return Err(ActorError::unchecked(
@@ -120,9 +108,17 @@ impl Actor {
         })?;
 
         // Validate signature
-        rt.verify_signature(sig, &signer, &sv_bz).map_err(|e| {
-            e.downcast_default(ExitCode::USR_ILLEGAL_ARGUMENT, "voucher signature invalid")
-        })?;
+
+        rt.send(
+            &signer,
+            ext::account::AUTHENTICATE_MESSAGE_METHOD,
+            RawBytes::serialize(ext::account::AuthenticateMessageParams {
+                signature: sig.to_vec(),
+                message: sv_bz,
+            })?,
+            TokenAmount::zero(),
+        )
+        .map_err(|e| e.wrap("voucher sig authentication failed"))?;
 
         let pch_addr = rt.message().receiver();
         let svpch_id = rt.resolve_address(&sv.channel_addr).ok_or_else(|| {

actors/paych/src/state.rs

@@ -5,6 +5,7 @@ use cid::Cid;
 use fvm_ipld_encoding::tuple::*;
 use fvm_ipld_encoding::Cbor;
 use fvm_shared::address::Address;
+use fvm_shared::ActorID;
 
 use fvm_shared::clock::ChainEpoch;
 use fvm_shared::econ::TokenAmount;
@@ -29,10 +30,10 @@ pub struct State {
 }
 
 impl State {
-    pub fn new(from: Address, to: Address, empty_arr_cid: Cid) -> Self {
+    pub fn new(from: ActorID, to: ActorID, empty_arr_cid: Cid) -> Self {
         Self {
-            from,
-            to,
+            from: Address::new_id(from),
+            to: Address::new_id(to),
             to_send: Default::default(),
             settling_at: 0,
             min_settle_height: 0,