fix verifier: add body hash to auth payload

Author: romanornr

via_verifier/node/via_verifier_coordinator/src/auth.rs

@@ -77,4 +77,35 @@ mod tests {
         assert!(!verify_signature(&payload, &signature, &wrong_public_key)
             .expect("Verification with wrong key unexpectedly succeeded"));
     }
+
+    #[test]
+    fn test_body_hash_in_signature() {
+        let secp = Secp256k1::new();
+        let (secret_key, public_key) = secp.generate_keypair(&mut OsRng);
+
+        let body = b"test body content";
+        let body_hash = hex::encode(Sha256::digest(body));
+
+        let payload = json!({
+            "timestamp": 1234567890,
+            "verifier_index": "0",
+            "sequencer_version": "0.1.0",
+            "body_hash": body_hash
+        });
+
+        let signature = sign_request(&payload, &secret_key).unwrap();
+        assert!(verify_signature(&payload, &signature, &public_key).unwrap());
+
+        // Verify different body produces different hash
+        let different_body = b"different body";
+        let different_hash = hex::encode(Sha256::digest(different_body));
+        let different_payload = json!({
+            "timestamp": 1234567890,
+            "verifier_index": "0",
+            "sequencer_version": "0.1.0",
+            "body_hash": different_hash
+        });
+
+        assert!(!verify_signature(&different_payload, &signature, &public_key).unwrap());
+    }
 }

via_verifier/node/via_verifier_coordinator/src/coordinator/api_decl.rs

@@ -92,8 +92,10 @@ impl RestApi {
             )
             .route("/nonce", axum::routing::post(Self::submit_nonce))
             .route("/nonce", axum::routing::get(Self::get_nonces))
-            .route_layer(body_mw)
+            // body_mw (outer) extracts body bytes first
+            // auth_mw (inner) verifies signature with body hash second
             .route_layer(auth_mw)
+            .route_layer(body_mw)
             .with_state(shared_state.clone())
             .layer(
                 ServiceBuilder::new()

via_verifier/node/via_verifier_coordinator/src/coordinator/auth_middleware.rs

@@ -1,11 +1,12 @@
 use std::{str::FromStr, sync::Arc};
 
 use axum::{
-    body::{self, Body},
+    body::{self, Body, Bytes},
     extract::{Request, State},
     middleware::Next,
     response::Response,
 };
+use sha2::{Digest, Sha256};
 use via_verifier_dal::VerifierDal;
 use zksync_types::protocol_version::ProtocolSemanticVersion;
 
@@ -35,6 +36,11 @@ pub async fn auth_middleware(
         .and_then(|h| h.to_str().ok())
         .ok_or_else(|| ApiError::Unauthorized("Missing signature header".into()))?;
 
+    let body_hash = headers
+        .get("X-Body-Hash")
+        .and_then(|h| h.to_str().ok())
+        .ok_or_else(|| ApiError::Unauthorized("Missing body hash header".into()))?;
+
     let sequencer_version = headers
         .get("X-Sequencer-Version")
         .and_then(|h| h.to_str().ok())
@@ -46,7 +52,8 @@ pub async fn auth_middleware(
     }
 
     let timestamp_now = chrono::Utc::now().timestamp();
-    let timestamp_diff = timestamp_now - timestamp.parse::<i64>().unwrap();
+    let timestamp_diff = timestamp_now - timestamp.parse::<i64>()
+        .map_err(|_| ApiError::Unauthorized("Invalid timestamp".into()))?;
 
     if timestamp_diff > state.state.verifier_request_timeout.into() {
         return Err(ApiError::Unauthorized("Timestamp is too old".into()));
@@ -55,11 +62,25 @@ pub async fn auth_middleware(
     // Get the public key for this verifier
     let public_key = &state.state.verifiers_pub_keys[verifier_index];
 
-    //  verify timestamp + verifier_index
+    // Get the request body bytes (stored by extract_body middleware)
+    let body_bytes = request
+        .extensions()
+        .get::<Bytes>()
+        .map(|b| b.to_vec())
+        .unwrap_or_default();
+
+    // Verify body hash matches actual body content
+    let computed_body_hash = hex::encode(Sha256::digest(&body_bytes));
+    if computed_body_hash != body_hash {
+        return Err(ApiError::Unauthorized("Body hash mismatch ".into()));
+    }
+
+    // Verify the signature over timestamp + verifier_index + sequencer_version + body_hash
     let payload = serde_json::json!({
         "timestamp": timestamp,
         "verifier_index": verifier_index.to_string(),
-        "sequencer_version": sequencer_version
+        "sequencer_version": sequencer_version,
+        "body_hash": body_hash
     });
 
     // Verify the signature

via_verifier/node/via_verifier_coordinator/src/verifier/mod.rs

@@ -7,6 +7,7 @@ use anyhow::Context;
 use bitcoin::{TapSighashType, Witness};
 use musig2::{CompactSignature, PartialSignature};
 use reqwest::{header, Client, StatusCode};
+use sha2::{Digest, Sha256};
 use tokio::sync::watch;
 use via_btc_client::traits::{BitcoinOps, Serializable};
 use via_musig2::{
@@ -234,7 +235,9 @@ impl ViaWithdrawalVerifier {
         Ok(())
     }
 
-    fn create_request_headers(&self) -> anyhow::Result<header::HeaderMap> {
+    /// Creates authenticated request headers with body hash for replay protection
+    /// The body hash is included in the signed payload
+    fn create_request_headers_with_body(&self, body: &[u8]) -> anyhow::Result<header::HeaderMap> {
         let mut headers = header::HeaderMap::new();
         let timestamp = chrono::Utc::now().timestamp().to_string();
         let signer = get_signer_with_merkle_root(
@@ -248,11 +251,15 @@ impl ViaWithdrawalVerifier {
         let private_key = bitcoin::PrivateKey::from_wif(&self.wallet.private_key)?;
         let secret_key = private_key.inner;
 
-        // Sign timestamp + verifier_index + sequencer_version as a JSON object
+        // Compute SHA-256 hash of the request body for replay protection
+        let body_hash = hex::encode(Sha256::digest(body));
+
+        // Sign timestamp + verifier_index + sequencer_version + body_hash
         let payload = serde_json::json!({
             "timestamp": timestamp,
             "verifier_index": verifier_index,
-            "sequencer_version": sequencer_version
+            "sequencer_version": sequencer_version,
+            "body_hash": body_hash
         });
         let signature = crate::auth::sign_request(&payload, &secret_key)?;
 
@@ -266,10 +273,20 @@ impl ViaWithdrawalVerifier {
             "X-Sequencer-Version",
             header::HeaderValue::from_str(&sequencer_version)?,
         );
+        headers.insert(
+            "X-Body-Hash",
+            header::HeaderValue::from_str(&body_hash)?,
+        );
 
         Ok(headers)
     }
 
+    /// Creates authenticated request headers GET requests (empty body)
+    /// Get requests that have no body to use as an empty body hash
+    fn create_request_headers(&self) -> anyhow::Result<header::HeaderMap> {
+        self.create_request_headers_with_body(&[])
+    }
+
     async fn get_session(&self) -> anyhow::Result<SigningSessionResponse> {
         let url = format!("{}/session", self.verifier_config.coordinator_http_url);
         let headers = self.create_request_headers()?;
@@ -336,17 +353,20 @@ impl ViaWithdrawalVerifier {
             nonce_map.insert(*input_index, nonce_pair);
         }
 
+        let body = serde_json::to_vec(&nonce_map)?;
+
         let url = format!(
             "{}/session/nonce",
             self.verifier_config.coordinator_http_url
         );
-        let headers = self.create_request_headers()?;
+        let headers = self.create_request_headers_with_body(&body)?;
 
         let res = self
             .client
             .post(&url)
             .headers(headers.clone())
-            .json(&nonce_map)
+            .body(body)
+            .header(header::CONTENT_TYPE, "application/json")
             .send()
             .await?;
 
@@ -473,19 +493,23 @@ impl ViaWithdrawalVerifier {
             sig_pair_per_input.insert(input_index, encoded);
         }
 
+        // Serialize body first for body hash computation
+        let body = serde_json::to_vec(&sig_pair_per_input)?;
+
         let url = format!(
             "{}/session/signature",
             self.verifier_config.coordinator_http_url
         );
-        let headers = self.create_request_headers()?;
+        let headers = self.create_request_headers_with_body(&body)?;
 
         tracing::debug!("Submitting all partial signatures to {}", url);
 
         let response = self
             .client
             .post(&url)
             .headers(headers.clone())
-            .json(&sig_pair_per_input)
+            .body(body)
+            .header(header::CONTENT_TYPE, "application/json")
             .send()
             .await?;
 
@@ -535,13 +559,16 @@ impl ViaWithdrawalVerifier {
     }
 
     async fn create_new_session(&mut self) -> anyhow::Result<()> {
+        let body = Vec::new();
+
         let url = format!("{}/session/new", self.verifier_config.coordinator_http_url);
-        let headers = self.create_request_headers()?;
+        let headers = self.create_request_headers_with_body(&body)?;
         let resp = self
             .client
             .post(&url)
             .headers(headers.clone())
             .header(header::CONTENT_TYPE, "application/json")
+            .body(body)
             .send()
             .await?;