package loadfunctions import ( "bytes" "crypto/ecdsa" "crypto/rand" "encoding/base64" "encoding/hex" "encoding/json" "fmt" "time" "github.com/ethereum/go-ethereum/crypto" "github.com/ethereum/go-ethereum/crypto/ecies" "github.com/go-resty/resty/v2" "github.com/rs/zerolog/log" "github.com/smartcontractkit/tdh2/go/tdh2/tdh2easy" "github.com/smartcontractkit/chainlink/v2/core/services/gateway/api" "github.com/smartcontractkit/chainlink/v2/core/services/gateway/handlers/functions" "github.com/smartcontractkit/chainlink/v2/core/services/s4" ) type RPCResponse struct { ID string `json:"id"` Jsonrpc string `json:"jsonrpc"` Result struct { Body struct { DonID string `json:"don_id"` MessageID string `json:"message_id"` Method string `json:"method"` Payload struct { NodeResponses []struct { Body struct { DonID string `json:"don_id"` MessageID string `json:"message_id"` Method string `json:"method"` Payload struct { Success bool `json:"success"` } `json:"payload"` Receiver string `json:"receiver"` } `json:"body"` Signature string `json:"signature"` } `json:"node_responses"` Success bool `json:"success"` } `json:"payload"` Receiver string `json:"receiver"` } `json:"body"` Signature string `json:"signature"` } `json:"result"` } func UploadS4Secrets(rc *resty.Client, s4Cfg *S4SecretsCfg) (uint8, uint64, error) { key, err := crypto.HexToECDSA(s4Cfg.PrivateKey) if err != nil { return 0, 0, err } address := crypto.PubkeyToAddress(key.PublicKey) var payloadJSON []byte envelope := s4.Envelope{ Address: address.Bytes(), SlotID: s4Cfg.S4SetSlotID, Version: s4Cfg.S4SetVersion, Payload: []byte(s4Cfg.S4SetPayload), Expiration: time.Now().UnixMilli() + s4Cfg.S4SetExpirationPeriod, } signature, err := envelope.Sign(key) if err != nil { return 0, 0, err } s4SetPayload := functions.SecretsSetRequest{ SlotID: envelope.SlotID, Version: envelope.Version, Expiration: envelope.Expiration, Payload: []byte(s4Cfg.S4SetPayload), Signature: signature, } payloadJSON, err = json.Marshal(s4SetPayload) if err != nil { return 0, 0, err } msg := &api.Message{ Body: api.MessageBody{ MessageId: s4Cfg.MessageID, Method: s4Cfg.Method, DonId: s4Cfg.DonID, Payload: json.RawMessage(payloadJSON), }, } err = msg.Sign(key) if err != nil { return 0, 0, err } codec := api.JsonRPCCodec{} rawMsg, err := codec.EncodeRequest(msg) if err != nil { return 0, 0, err } var result *RPCResponse resp, err := rc.R(). SetBody(rawMsg). Post(s4Cfg.GatewayURL) if err != nil { return 0, 0, err } if resp.StatusCode() != 200 { return 0, 0, fmt.Errorf("status code was %d, expected 200", resp.StatusCode()) } if err := json.Unmarshal(resp.Body(), &result); err != nil { return 0, 0, err } log.Debug().Interface("Result", result).Msg("S4 secrets_set response result") for _, nodeResponse := range result.Result.Body.Payload.NodeResponses { if !nodeResponse.Body.Payload.Success { return 0, 0, fmt.Errorf("node response was not successful") } } return uint8(envelope.SlotID), envelope.Version, nil } func ListS4Secrets(rc *resty.Client, s4Cfg *S4SecretsCfg) error { key, err := crypto.HexToECDSA(s4Cfg.PrivateKey) if err != nil { return err } msg := &api.Message{ Body: api.MessageBody{ MessageId: s4Cfg.MessageID, Method: s4Cfg.Method, DonId: s4Cfg.DonID, Receiver: s4Cfg.RecieverAddr, }, } err = msg.Sign(key) if err != nil { return err } codec := api.JsonRPCCodec{} rawMsg, err := codec.EncodeRequest(msg) if err != nil { return err } msgdec, err := codec.DecodeRequest(rawMsg) if err != nil { return err } log.Debug().Interface("Request", msgdec).Msg("Sending RPC request") var result map[string]interface{} resp, err := rc.R(). SetBody(rawMsg). Post(s4Cfg.GatewayURL) if err != nil { return err } if err := json.Unmarshal(resp.Body(), &result); err != nil { return err } log.Debug().Interface("Result", result).Msg("S4 secrets_list response result") if resp.StatusCode() != 200 { return fmt.Errorf("status code was %d, expected 200", resp.StatusCode()) } return nil } func ParseTDH2Key(data []byte) (*tdh2easy.PublicKey, error) { pk := &tdh2easy.PublicKey{} if err := pk.Unmarshal(data); err != nil { return nil, err } return pk, nil } func EncryptS4Secrets(deployerPk *ecdsa.PrivateKey, tdh2Pk *tdh2easy.PublicKey, donKey []byte, msgJSON string) (string, error) { // 65 bytes PublicKey format, should start with 0x04 to be processed by crypto.UnmarshalPubkey() b := make([]byte, 1) b[0] = 0x04 donKey = bytes.Join([][]byte{b, donKey}, nil) donPubKey, err := crypto.UnmarshalPubkey(donKey) if err != nil { return "", fmt.Errorf("failed to unmarshal DON key: %w", err) } eciesDONPubKey := ecies.ImportECDSAPublic(donPubKey) signature, err := deployerPk.Sign(rand.Reader, []byte(msgJSON), nil) if err != nil { return "", fmt.Errorf("failed to sign the msg with Ethereum key: %w", err) } signedSecrets, err := json.Marshal(struct { Signature []byte `json:"signature"` Message string `json:"message"` }{ Signature: signature, Message: msgJSON, }) if err != nil { return "", fmt.Errorf("failed to marshal signed secrets: %w", err) } ct, err := ecies.Encrypt(rand.Reader, eciesDONPubKey, signedSecrets, nil, nil) if err != nil { return "", fmt.Errorf("failed to encrypt with DON key: %w", err) } ct0xFormat, err := json.Marshal(map[string]interface{}{"0x0": base64.StdEncoding.EncodeToString(ct)}) if err != nil { return "", fmt.Errorf("failed to marshal DON key encrypted format: %w", err) } ctTDH2Format, err := tdh2easy.Encrypt(tdh2Pk, ct0xFormat) if err != nil { return "", fmt.Errorf("failed to encrypt with TDH2 public key: %w", err) } tdh2Message, err := ctTDH2Format.Marshal() if err != nil { return "", fmt.Errorf("failed to marshal TDH2 encrypted msg: %w", err) } finalMsg, err := json.Marshal(map[string]interface{}{ "encryptedSecrets": "0x" + hex.EncodeToString(tdh2Message), }) if err != nil { return "", fmt.Errorf("failed to marshal secrets msg: %w", err) } return string(finalMsg), nil }