Accept only valid base64 signatures.

Explicitly check the signature provided to setauthsignature if it
is valid base64.  If not, throw an RPC error instead of assert-failing
later on in the xidauth logic.

auth/credentials.hpp

@@ -1,4 +1,4 @@
-// Copyright (C) 2019 The Xaya developers
+// Copyright (C) 2019-2022 The Xaya developers
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
@@ -83,11 +83,21 @@ class Credentials
    */
   bool IsExpired () const;
 
-  /* Accessor functions for the data in the protocol buffer.  */
-
+  /**
+   * Returns the signature contained in the protocol buffer, encoded
+   * as base64 (per Xaya Core for verifymessage).
+   */
   std::string GetSignature () const;
+
+  /**
+   * Sets the signature field in the protocol buffer.  The sgn argument
+   * must be base64 encoded, and will be set as raw bytes inside
+   * the proto.
+   */
   void SetSignature (const std::string& sgn);
 
+  /* Accessor functions for the data in the protocol buffer.  */
+
   bool
   HasExpiry () const
   {

doc/rpc.md

@@ -198,8 +198,10 @@ in a second step.
 This method can be used to add in the signature for an already-constructed
 password (e.g. coming from [`getauthmessage`](#getauthmessage)).
 
-It expects two string arguments, `password` and `signature`.  It returns
-the amended password as string.
+It expects two string arguments, `password` and `signature`.
+The signature should be the raw signature bytes encoded with base64,
+as they get returned by Xaya Core's signing RPC methods.
+`setauthsignature` returns the amended password as string.
 
 #### `verifyauth`
 

gametest/auth.py

@@ -1,7 +1,7 @@
 #!/usr/bin/env python3
 # coding=utf8
 
-# Copyright (C) 2019-2021 The Xaya developers
+# Copyright (C) 2019-2022 The Xaya developers
 # Distributed under the MIT software license, see the accompanying
 # file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
@@ -150,6 +150,9 @@ def testPasswordErrors (self):
     self.expectError (2, "failed to parse the password string",
                       self.rpc.game.setauthsignature,
                       password="invalid base64", signature="")
+    self.expectError (4, "the signature is not base64",
+                      self.rpc.game.setauthsignature,
+                      password="", signature="invalid base64")
 
   def testVerification (self):
     self.mainLogger.info ("Testing credentials verification...")

src/Makefile.am

@@ -14,11 +14,11 @@ CLEANFILES = $(RPC_STUBS) schema.cpp
 
 libxid_la_CXXFLAGS = \
   -I$(top_srcdir) \
-  $(XAYAGAME_CFLAGS) \
+  $(XAYAUTIL_CFLAGS) $(XAYAGAME_CFLAGS) \
   $(JSON_CFLAGS) $(GLOG_CFLAGS) $(SQLITE3_CFLAGS)
 libxid_la_LIBADD = \
   $(top_builddir)/auth/libxidauth.la \
-  $(XAYAGAME_LIBS) \
+  $(XAYAUTIL_LIBS) $(XAYAGAME_LIBS) \
   $(JSON_LIBS) $(GLOG_LIBS) $(SQLITE3_LIBS)
 libxid_la_SOURCES = \
   gamestatejson.cpp \

src/nonstaterpc.cpp

@@ -1,4 +1,4 @@
-// Copyright (C) 2019-2020 The Xaya developers
+// Copyright (C) 2019-2022 The Xaya developers
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
@@ -8,6 +8,8 @@
 
 #include "auth/time.hpp"
 
+#include <xayautil/base64.hpp>
+
 #include <glog/logging.h>
 
 namespace xid
@@ -89,6 +91,11 @@ NonStateRpc::setauthsignature (const std::string& password,
     ThrowJsonError (ErrorCode::AUTH_INVALID_DATA,
                     "the authentication data is invalid");
 
+  std::string rawSignature;
+  if (!xaya::DecodeBase64 (signature, rawSignature))
+    ThrowJsonError (ErrorCode::AUTH_INVALID_SIGNATURE,
+                    "the signature is not base64");
+
   cred.SetSignature (signature);
 
   return cred.ToPassword ();

src/rpcerrors.hpp

@@ -29,7 +29,7 @@ enum class ErrorCode
   /* This method is considered unsafe and not enabled in the server.  */
   UNSAFE_METHOD = -4,
 
-  /* The provided data (name, applcation, extra) is invalid while constructing
+  /* The provided data (name, application, extra) is invalid while constructing
      an auth message (not validating a password).  */
   AUTH_INVALID_DATA = 1,
   /* An invalid password string was provided, which could not be decoded to
@@ -38,6 +38,8 @@ enum class ErrorCode
   AUTH_INVALID_PASSWORD = 2,
   /* The Xaya wallet does not hold any key allowed to sign the credentials.  */
   AUTH_NO_KEY = 3,
+  /* The signature provided with setauthsignature is invalid base64.  */
+  AUTH_INVALID_SIGNATURE = 4,
 
 };