feat: add system support for EIP-191, contracts support for EIP-(712,1271,6492) (#294)

* feat: move erc7824 documentation to nitrolite (#272)

* feat: move erc7824 documentation to nitrolite

* feat: move GH actions to common scope

* fix: comment GITHUB_TOKEN

* feat(custody): add EIP-191, EIP-712 signature support (#257)

* feat(custody): add EIP-191, EIP-712 support

* feat(custody): correct EIP-712 sig impl

* feat(utils): add POLA principle comment

* feat(contract): add EIP712AdjudicatorBase

* feat(contract): integrate EIP712AdjudicatorBase to supported adjs

* fix(contract): tests with updated adjs

* test(contract): EIP712AdjudicatorBase

* test(contract): SimpleConsensus EIP191, EIP712 sigs

* test(contract): Utils signatures

* test(contract): Custody, SimpleConsensus integration tests for sigs

* refactor(contract): migrate sig to bytes (#279)

* refactor(Types): replace Signature{v,r,s} with bytes

* style(contract): add empty lines at the end

* refactor(clearnode): replace Signature{r,s,v} with []byte (#283)

* refactor(sdk): migrate `Signature{r,s,v}` to `Hex` (#284)

* refactor(sdk): replace Signature{r,s,v} with Hex

* fix(NitroliteService): perform convertStateFromContract correctly

* fix(rpc): expect updated signature type from rpc

* style(sdk/rpc): remove ServerSignatureSchema var

* feat(sdk/rpc): add empty signatures array by default

* feat(sdk): add build:force command

* feat(sdk): remove npm build:force

* refactor(clearnode): define `Signature []byte` type (#287)

* refactor(clearnode): define `Signature []byte` type

* refactor(clearnode::RPCEntry): replace sig `[]string` with `[]Signature`

* feat(clearnode/nitrolite): add Sigs2Strings, Strings2Sigs helpers

* fix(integration): tests sig migration (#289)

* feat(docker-compose): add ability to pass logger visibility to clearnode

* fix(clearnode): raw ECDSA sign and verify

* fix(clearnode): try to extract req id on ummarshal error

* fix(integration): update sig to new type

* feat(sdk): change type of sig array to contain only Hex

* refactor(clearnode): remove check on nil Req, zero-init instead

* fix(clearnode:nitrolite): remove unintended side-effect of sig param modif

* feat(custody): add note about ephemeral final state

* style(contract): run forge fmt

* fix(clearnode/docs): remove legacy signature format

* feat(custody): eip-1271, eip-6492 sigs support (#293)

* feat(contract): add ERC-1271,6492 support

* test(contract/Utils.sol): add ERC-1271, 6492 tests

* refactor(contract:Utils.t.sol): separate tests into contracts

* refactor(UtilsHarness): do NOT expose constants

* fix(contracts/adjudicators): use verifyStateSignature instead of just EOA sig

* test(contract/Custody): add ERC-1271, 6492 sig to integration test

* test(contract/Custody): add challenge with EIP-712, EIP-1271 tests

* refactor(contract/Utils): reorder recoverStateEIP712Signer params for consistency

* test(contract): remove console.logs

* feat(contract): clarify Utils comments

* refactor(contract): optimize Custody and Utils sig verification functions

* style(contract): run forge fmt

* feat: replace `stateHash` with `packedState` in message signing (#295)

* feat(contract): replace stateHash with packedState in signing

* test(contract): migrate to getPackedState

* feat(contract): remove getStateHash

* feat(clearnode): remove state_hash, rename EncodeState to Pack

* feat(sdk): remove state_hash, add getPackedState

* refactor(sdk): supply channelId and state to signState

* docs(website): migrate Sig to Hex, add supported signature formats

---------

Co-authored-by: MaxMoskalenko <mx.msklnk@gmail.com>

Author: nksazonov

clearnode/channel_service.go

@@ -7,7 +7,6 @@ import (
 	"github.com/ethereum/go-ethereum/accounts/abi"
 	"github.com/ethereum/go-ethereum/common"
 	"github.com/ethereum/go-ethereum/common/hexutil"
-	"github.com/ethereum/go-ethereum/crypto"
 	"github.com/shopspring/decimal"
 	"gorm.io/gorm"
 )
@@ -114,13 +113,12 @@ func (s *ChannelService) RequestResize(logger Logger, params *ResizeChannelParam
 
 	// 6) Encode & sign the new state
 	channelIDHash := common.HexToHash(channel.ChannelID)
-	encodedState, err := nitrolite.EncodeState(channelIDHash, nitrolite.IntentRESIZE, big.NewInt(int64(channel.Version)+1), encodedIntentions, allocations)
+	packedState, err := nitrolite.PackState(channelIDHash, nitrolite.IntentRESIZE, big.NewInt(int64(channel.Version)+1), encodedIntentions, allocations)
 	if err != nil {
-		logger.Error("failed to encode state hash", "error", err)
-		return ResizeChannelResponse{}, RPCErrorf("failed to encode state hash")
+		logger.Error("failed to pack state", "error", err)
+		return ResizeChannelResponse{}, RPCErrorf("failed to pack state")
 	}
-	stateHash := crypto.Keccak256Hash(encodedState).Hex()
-	sig, err := s.signer.NitroSign(encodedState)
+	sig, err := s.signer.Sign(packedState)
 	if err != nil {
 		logger.Error("failed to sign state", "error", err)
 		return ResizeChannelResponse{}, RPCErrorf("failed to sign state")
@@ -131,12 +129,7 @@ func (s *ChannelService) RequestResize(logger Logger, params *ResizeChannelParam
 		Intent:    uint8(nitrolite.IntentRESIZE),
 		Version:   channel.Version + 1,
 		StateData: hexutil.Encode(encodedIntentions),
-		StateHash: stateHash,
-		Signature: Signature{
-			V: sig.V,
-			R: hexutil.Encode(sig.R[:]),
-			S: hexutil.Encode(sig.S[:]),
-		},
+		Signature: sig,
 	}
 
 	for _, alloc := range allocations {
@@ -217,13 +210,12 @@ func (s *ChannelService) RequestClose(logger Logger, params *CloseChannelParams,
 		logger.Error("failed to decode state data hex", "error", err)
 		return CloseChannelResponse{}, RPCErrorf("failed to decode state data hex")
 	}
-	encodedState, err := nitrolite.EncodeState(common.HexToHash(channel.ChannelID), nitrolite.IntentFINALIZE, big.NewInt(int64(channel.Version)+1), stateDataBytes, allocations)
+	packedState, err := nitrolite.PackState(common.HexToHash(channel.ChannelID), nitrolite.IntentFINALIZE, big.NewInt(int64(channel.Version)+1), stateDataBytes, allocations)
 	if err != nil {
-		logger.Error("failed to encode state hash", "error", err)
-		return CloseChannelResponse{}, RPCErrorf("failed to encode state hash")
+		logger.Error("failed to pack state", "error", err)
+		return CloseChannelResponse{}, RPCErrorf("failed to pack state")
 	}
-	stateHash := crypto.Keccak256Hash(encodedState).Hex()
-	sig, err := s.signer.NitroSign(encodedState)
+	sig, err := s.signer.Sign(packedState)
 	if err != nil {
 		logger.Error("failed to sign state", "error", err)
 		return CloseChannelResponse{}, RPCErrorf("failed to sign state")
@@ -234,12 +226,7 @@ func (s *ChannelService) RequestClose(logger Logger, params *CloseChannelParams,
 		Intent:    uint8(nitrolite.IntentFINALIZE),
 		Version:   channel.Version + 1,
 		StateData: stateDataHex,
-		StateHash: stateHash,
-		Signature: Signature{
-			V: sig.V,
-			R: hexutil.Encode(sig.R[:]),
-			S: hexutil.Encode(sig.S[:]),
-		},
+		Signature: sig,
 	}
 
 	for _, alloc := range allocations {

clearnode/custody.go

@@ -117,7 +117,7 @@ func (c *Custody) Join(channelID string, lastStateData []byte) (common.Hash, err
 	// The broker will always join as participant with index 1 (second participant)
 	index := big.NewInt(1)
 
-	sig, err := c.signer.NitroSign(lastStateData)
+	sig, err := c.signer.Sign(lastStateData)
 	if err != nil {
 		return common.Hash{}, fmt.Errorf("failed to sign data: %w", err)
 	}
@@ -288,7 +288,7 @@ func (c *Custody) handleCreated(logger Logger, ev *nitrolite.CustodyCreated) {
 		return
 	}
 
-	encodedState, err := nitrolite.EncodeState(ev.ChannelId, nitrolite.IntentINITIALIZE, big.NewInt(0), ev.Initial.Data, ev.Initial.Allocations)
+	encodedState, err := nitrolite.PackState(ev.ChannelId, nitrolite.IntentINITIALIZE, big.NewInt(0), ev.Initial.Data, ev.Initial.Allocations)
 	if err != nil {
 		logger.Error("error encoding state hash", "error", err)
 		return

clearnode/custody_test.go

@@ -135,7 +135,7 @@ func createMockCreatedEvent(t *testing.T, signer *Signer, token string, amount *
 		Version:     big.NewInt(0),
 		Data:        []byte{},
 		Allocations: allocation,
-		Sigs:        []nitrolite.Signature{},
+		Sigs:        [][]byte{},
 	}
 
 	event := &nitrolite.CustodyCreated{
@@ -189,7 +189,7 @@ func createMockClosedEvent(t *testing.T, signer *Signer, token string, amount *b
 		Version:     big.NewInt(1),
 		Data:        []byte{},
 		Allocations: allocation,
-		Sigs:        []nitrolite.Signature{},
+		Sigs:        [][]byte{},
 	}
 
 	event := &nitrolite.CustodyClosed{
@@ -226,7 +226,7 @@ func createMockChallengedEvent(t *testing.T, signer *Signer, token string, amoun
 		Version:     big.NewInt(2),
 		Data:        []byte{},
 		Allocations: allocation,
-		Sigs:        []nitrolite.Signature{},
+		Sigs:        [][]byte{},
 	}
 
 	event := &nitrolite.CustodyChallenged{
@@ -314,7 +314,7 @@ func TestHandleCreatedEvent(t *testing.T) {
 				Version:     big.NewInt(0),
 				Data:        []byte{},
 				Allocations: allocation,
-				Sigs:        []nitrolite.Signature{},
+				Sigs:        [][]byte{},
 			}
 
 			mockEvent := &nitrolite.CustodyCreated{

clearnode/docs/API.md

@@ -830,9 +830,9 @@ In the request, the user must specify funds destination. After the channel is cl
 {
   "res": [1, "close_channel", [{
     "channel_id": "0x4567890123abcdef...",
-    "intent": 3, // IntentFINALIZE - constant magic number for closing channel
+    "intent": 3, // IntentFINALIZE - constant specifying that this is a final state
     "version": 123,
-    "state_data": "0x0000000000000000000000000000000000000000000000000000000000001ec7",
+    "state_data": "0xdeadbeef",
     "allocations": [
       {
         "destination": "0x1234567890abcdef...", // Provided funds address
@@ -845,12 +845,7 @@ In the request, the user must specify funds destination. After the channel is cl
         "amount": "50000"
       }
     ],
-    "state_hash": "0xLedgerStateHash",
-    "server_signature": {
-      "v": "27",
-      "r": "0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef",
-      "s": "0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef"
-    }
+    "server_signature": "0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1c",
   }], 1619123456789],
   "sig": ["0xabcd1234..."]
 }
@@ -890,7 +885,7 @@ Example:
 {
   "res": [1, "resize_channel", [{
     "channel_id": "0x4567890123abcdef...",
-    "state_data": "0x0000000000000000000000000000000000000000000000000000000000002ec7",
+    "state_data": "0xdeadbeef",
     "intent": 2, // IntentRESIZE
     "version": 5,
     "allocations": [
@@ -905,12 +900,7 @@ Example:
         "amount": "0"
       }
     ],
-    "state_hash": "0xLedgerStateHash",
-    "server_signature": {
-      "v": "28",
-      "r": "0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef",
-      "s": "0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef"
-    }
+    "server_signature": "0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1c",
   }], 1619123456789],
   "sig": ["0xabcd1234..."]
 }

clearnode/nitrolite/bindings.go

@@ -2,49 +2,95 @@ package nitrolite
 
 import (
 	"crypto/ecdsa"
+	"encoding/json"
 	"fmt"
 
 	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/common/hexutil"
 	"github.com/ethereum/go-ethereum/crypto"
 )
 
+type Signature []byte
+
+func (s Signature) MarshalJSON() ([]byte, error) {
+	return json.Marshal(hexutil.Encode(s))
+}
+
+func (s *Signature) UnmarshalJSON(data []byte) error {
+	var hexStr string
+	if err := json.Unmarshal(data, &hexStr); err != nil {
+		return err
+	}
+	decoded, err := hexutil.Decode(hexStr)
+	if err != nil {
+		return err
+	}
+	*s = decoded
+	return nil
+}
+
+func (s Signature) String() string {
+	return hexutil.Encode(s)
+}
+
+func SignaturesToStrings(signatures []Signature) []string {
+	strs := make([]string, len(signatures))
+	for i, sig := range signatures {
+		strs[i] = sig.String()
+	}
+	return strs
+}
+
+func SignaturesFromStrings(strs []string) ([]Signature, error) {
+	signatures := make([]Signature, len(strs))
+	for i, str := range strs {
+		sig, err := hexutil.Decode(str)
+		if err != nil {
+			return nil, fmt.Errorf("failed to decode signature %d (%s): %w", i, str, err)
+		}
+		signatures[i] = sig
+	}
+	return signatures, nil
+}
+
 // Sign hashes the provided data using Keccak256 and signs it with the given private key.
 func Sign(data []byte, privateKey *ecdsa.PrivateKey) (Signature, error) {
 	if privateKey == nil {
-		return Signature{}, fmt.Errorf("private key is nil")
+		return nil, fmt.Errorf("private key is nil")
 	}
 
 	dataHash := crypto.Keccak256Hash(data)
 	signature, err := crypto.Sign(dataHash.Bytes(), privateKey)
 	if err != nil {
-		return Signature{}, fmt.Errorf("failed to sign data: %w", err)
+		return nil, fmt.Errorf("failed to sign data: %w", err)
 	}
 
 	if len(signature) != 65 {
-		return Signature{}, fmt.Errorf("invalid signature length: got %d, want 65", len(signature))
+		return nil, fmt.Errorf("invalid signature length: got %d, want 65", len(signature))
 	}
 
-	var sig Signature
-	copy(sig.R[:], signature[:32])
-	copy(sig.S[:], signature[32:64])
-	sig.V = signature[64] + 27
+	// This step is necessary to remain compatible with the ecrecover precompile
+	if signature[64] < 27 {
+		signature[64] += 27
+	}
 
-	return sig, nil
+	return signature, nil
 }
 
 // Verify checks if the signature on the provided data was created by the given address.
 func Verify(data []byte, sig Signature, address common.Address) (bool, error) {
 	dataHash := crypto.Keccak256Hash(data)
 
-	signature := make([]byte, 65)
-	copy(signature[0:32], sig.R[:])
-	copy(signature[32:64], sig.S[:])
+	// Create a copy of the signature to avoid modifying the original
+	sigToVerify := make(Signature, len(sig))
+	copy(sigToVerify, sig)
 
-	if sig.V >= 27 {
-		signature[64] = sig.V - 27
+	// Ensure the signature is in the correct format
+	if sigToVerify[64] >= 27 {
+		sigToVerify[64] -= 27
 	}
 
-	pubKeyRaw, err := crypto.Ecrecover(dataHash.Bytes(), signature)
+	pubKeyRaw, err := crypto.Ecrecover(dataHash.Bytes(), sigToVerify)
 	if err != nil {
 		return false, fmt.Errorf("failed to recover public key: %w", err)
 	}

clearnode/nitrolite/signature.go

@@ -71,8 +71,8 @@ func TestVerifyInvalidSignature(t *testing.T) {
 		t.Fatalf("failed to sign data: %v", err)
 	}
 
-	// Tamper with the signature (flip a bit in R).
-	sig.R[0] ^= 0xff
+	// Tamper with the signature (flip some bit).
+	sig[0] ^= 0xff
 
 	// Use the original public address.
 	publicAddress := crypto.PubkeyToAddress(privateKey.PublicKey)

clearnode/nitrolite/signature_test.go

@@ -16,8 +16,8 @@ const (
 	IntentFINALIZE   Intent = 3
 )
 
-// EncodeState encodes channel state into a byte array using channelID, intent, version, state data, and allocations.
-func EncodeState(channelID common.Hash, intent Intent, version *big.Int, stateData []byte, allocations []Allocation) ([]byte, error) {
+// PackState encodes channel id and state into a byte array
+func PackState(channelID common.Hash, intent Intent, version *big.Int, stateData []byte, allocations []Allocation) ([]byte, error) {
 	allocationType, err := abi.NewType("tuple[]", "", []abi.ArgumentMarshaling{
 		{Name: "destination", Type: "address"},
 		{Name: "token", Type: "address"},

clearnode/nitrolite/state.go

@@ -9,10 +9,10 @@ import (
 
 // RPCMessage represents a complete message in the RPC protocol, including data and signatures
 type RPCMessage struct {
-	Req          *RPCData `json:"req,omitempty" validate:"required_without=Res,excluded_with=Res"`
-	Res          *RPCData `json:"res,omitempty" validate:"required_without=Req,excluded_with=Req"`
-	AppSessionID string   `json:"sid,omitempty"`
-	Sig          []string `json:"sig"`
+	Req          *RPCData    `json:"req,omitempty" validate:"required_without=Res,excluded_with=Res"`
+	Res          *RPCData    `json:"res,omitempty" validate:"required_without=Req,excluded_with=Req"`
+	AppSessionID string      `json:"sid,omitempty"`
+	Sig          []Signature `json:"sig"`
 }
 
 // ParseRPCMessage parses a JSON string into an RPCMessage
@@ -100,7 +100,7 @@ func CreateResponse(id uint64, method string, responseParams []any) *RPCMessage
 			Params:    responseParams,
 			Timestamp: uint64(time.Now().UnixMilli()),
 		},
-		Sig: []string{},
+		Sig: []Signature{},
 	}
 }
 

clearnode/rpc.go

@@ -9,7 +9,6 @@ import (
 	"sync"
 	"time"
 
-	"github.com/ethereum/go-ethereum/common/hexutil"
 	"github.com/go-playground/validator/v10"
 	"github.com/google/uuid"
 	"github.com/gorilla/websocket"
@@ -168,10 +167,10 @@ read_loop:
 			}
 		}
 
-		var msg RPCMessage
+		msg := RPCMessage{Req: &RPCData{}}
 		if err := json.Unmarshal(messageBytes, &msg); err != nil {
 			n.logger.Debug("invalid message format", "error", err, "message", string(messageBytes))
-			n.sendErrorResponse(rpcConn, 0, "invalid message format")
+			n.sendErrorResponse(rpcConn, msg.Req.RequestID, "invalid message format")
 			continue
 		}
 
@@ -355,7 +354,7 @@ func prepareRawRPCResponse(signer *Signer, data *RPCData) ([]byte, error) {
 
 	responseMessage := &RPCMessage{
 		Res: data,
-		Sig: []string{hexutil.Encode(signature)},
+		Sig: []Signature{signature},
 	}
 	resMessageBytes, err := json.Marshal(responseMessage)
 	if err != nil {