Merge pull request #162 from xmtp/key-manager

neekolas · web-flow · commit 7bd5abf3d574 · 2022-09-20T17:21:54.000-07:00
Key manager
diff --git a/src/TopicKeyManager.ts b/src/TopicKeyManager.ts
@@ -0,0 +1,136 @@
+import PublicKeyBundle from './crypto/PublicKeyBundle'
+
+export enum EncryptionAlgorithm {
+  AES_256_GCM_HKDF_SHA_256,
+}
+
+/**
+ * TopicKeyRecord encapsulates the key, algorithm, and a list of allowed signers
+ */
+export type TopicKeyRecord = {
+  keyMaterial: Uint8Array
+  encryptionAlgorithm: EncryptionAlgorithm
+  // Callers should validate that the signature comes from the list of allowed signers
+  // Not strictly necessary, but it prevents against compromised topic keys being
+  // used by third parties who would sign the message with a different key
+  allowedSigners: PublicKeyBundle[]
+}
+
+/**
+ * TopicResult is the public interface for receiving a TopicKey
+ */
+export type TopicResult = {
+  topicKey: TopicKeyRecord
+  contentTopic: string
+}
+
+// Internal data structure used to store the relationship between a topic and a wallet address
+type WalletTopicRecord = {
+  contentTopic: string
+  createdAt: Date
+}
+
+type ContentTopic = string
+type WalletAddress = string
+
+/**
+ * Custom error type for cases where the caller attempted to add a second key to the same topic
+ */
+export class DuplicateTopicError extends Error {
+  constructor(topic: string) {
+    super(`Topic ${topic} has already been added`)
+    this.name = 'DuplicateTopicError'
+    Object.setPrototypeOf(this, DuplicateTopicError.prototype)
+  }
+}
+
+const findLatestTopic = (records: WalletTopicRecord[]): WalletTopicRecord => {
+  let latestRecord: WalletTopicRecord | undefined
+  for (const record of records) {
+    if (!latestRecord || record.createdAt > latestRecord.createdAt) {
+      latestRecord = record
+    }
+  }
+  if (!latestRecord) {
+    throw new Error('No record found')
+  }
+  return latestRecord
+}
+
+/**
+ * TopicKeyManager stores the mapping between topics -> keys and wallet addresses -> keys
+ */
+export default class TopicKeyManager {
+  // Mapping of content topics to the keys used for decryption on that topic
+  private topicKeys: Map<ContentTopic, TopicKeyRecord>
+  // Mapping of wallet addresses and topics
+  private dmTopics: Map<WalletAddress, WalletTopicRecord[]>
+
+  constructor() {
+    this.topicKeys = new Map<ContentTopic, TopicKeyRecord>()
+    this.dmTopics = new Map<WalletAddress, WalletTopicRecord[]>()
+  }
+
+  /**
+   * Create a TopicKeyRecord for the topic and store it for later access
+   *
+   * @param contentTopic The topic
+   * @param key TopicKeyRecord that contains the topic key and encryption algorithm
+   * @param counterparty The other user's PublicKeyBundle
+   * @param createdAt Date
+   */
+  addDirectMessageTopic(
+    contentTopic: string,
+    key: TopicKeyRecord,
+    counterparty: PublicKeyBundle,
+    createdAt: Date
+  ): void {
+    if (this.topicKeys.has(contentTopic)) {
+      throw new DuplicateTopicError(contentTopic)
+    }
+    this.topicKeys.set(contentTopic, key)
+
+    const walletAddress = counterparty.identityKey.walletSignatureAddress()
+    const counterpartyTopicList = this.dmTopics.get(walletAddress) || []
+    counterpartyTopicList.push({ contentTopic, createdAt })
+    this.dmTopics.set(walletAddress, counterpartyTopicList)
+  }
+
+  /**
+   * Would be used to get all information required to decrypt/validate a given message
+   */
+  getByTopic(contentTopic: string): TopicResult | undefined {
+    const topicKey = this.topicKeys.get(contentTopic)
+    if (!topicKey) {
+      return undefined
+    }
+    return {
+      topicKey,
+      contentTopic,
+    }
+  }
+
+  /**
+   *  Used to know which topic/key to use to send to a given wallet address
+   */
+  getLatestByWalletAddress(walletAddress: string): TopicResult | undefined {
+    const walletTopics = this.dmTopics.get(walletAddress)
+    if (!walletTopics || !walletTopics.length) {
+      return undefined
+    }
+    const newestTopic = findLatestTopic(walletTopics)
+    return this.getByTopic(newestTopic.contentTopic)
+  }
+
+  /**
+   * Used to get the topic list to listen for all messages from a given wallet address
+   */
+  getAllByWalletAddress(walletAddress: string): TopicResult[] {
+    const dmTopics = this.dmTopics
+      .get(walletAddress)
+      ?.map(({ contentTopic }) => this.getByTopic(contentTopic))
+      .filter((res) => !!res) as TopicResult[]
+
+    return dmTopics || []
+  }
+}
diff --git a/test/TopicKeyManager.test.ts b/test/TopicKeyManager.test.ts
@@ -0,0 +1,116 @@
+import {
+  TopicKeyRecord,
+  EncryptionAlgorithm,
+  DuplicateTopicError,
+} from './../src/TopicKeyManager'
+import KeyManager from '../src/TopicKeyManager'
+import { crypto } from '../src/crypto/encryption'
+import PrivateKeyBundle from '../src/crypto/PrivateKeyBundle'
+import PublicKeyBundle from '../src/crypto/PublicKeyBundle'
+import { newWallet } from './helpers'
+
+const TOPICS = ['topic1', 'topic2']
+
+const createTopicKeyRecord = (
+  allowedSigners: PublicKeyBundle[] = []
+): TopicKeyRecord => {
+  return {
+    keyMaterial: crypto.getRandomValues(new Uint8Array(32)),
+    encryptionAlgorithm: EncryptionAlgorithm.AES_256_GCM_HKDF_SHA_256,
+    allowedSigners: allowedSigners,
+  }
+}
+
+describe('TopicKeyManager', () => {
+  let keyManager: KeyManager
+  beforeEach(async () => {
+    keyManager = new KeyManager()
+  })
+
+  it('can add and retrieve a topic key', async () => {
+    const senderWallet = newWallet()
+    const sender = (
+      await PrivateKeyBundle.generate(senderWallet)
+    ).getPublicKeyBundle()
+    const sentAt = new Date()
+    const record = createTopicKeyRecord([sender])
+
+    keyManager.addDirectMessageTopic(TOPICS[0], record, sender, sentAt)
+
+    // Lookup latest result by address
+    const topicResultByAddress = keyManager.getLatestByWalletAddress(
+      senderWallet.address
+    )
+    expect(topicResultByAddress?.contentTopic).toEqual(TOPICS[0])
+    expect(topicResultByAddress?.topicKey.keyMaterial).toEqual(
+      record.keyMaterial
+    )
+
+    // Lookup all results by address
+    const allResults = keyManager.getAllByWalletAddress(senderWallet.address)
+    expect(allResults).toHaveLength(1)
+    expect(allResults[0]).toEqual(topicResultByAddress)
+
+    // Lookup result by topic
+    const topicResultByTopic = keyManager.getByTopic(TOPICS[0])
+    expect(topicResultByTopic).toEqual(topicResultByAddress)
+  })
+
+  it('returns undefined when no topic key has been added', async () => {
+    expect(keyManager.getByTopic(TOPICS[0])).toBeUndefined()
+    expect(keyManager.getLatestByWalletAddress(TOPICS[0])).toBeUndefined()
+    expect(keyManager.getAllByWalletAddress(TOPICS[0])).toHaveLength(0)
+  })
+
+  it('can add multiple topic keys for a wallet', async () => {
+    const senderWallet = newWallet()
+    const sender = (
+      await PrivateKeyBundle.generate(senderWallet)
+    ).getPublicKeyBundle()
+    const record1 = createTopicKeyRecord([sender])
+    const record2 = createTopicKeyRecord([sender])
+    const d1 = new Date(+new Date() - 100)
+    const d2 = new Date()
+
+    keyManager.addDirectMessageTopic(TOPICS[0], record1, sender, d1)
+    keyManager.addDirectMessageTopic(TOPICS[1], record2, sender, d2)
+
+    // Should use the record with the latest date
+    expect(
+      keyManager.getLatestByWalletAddress(senderWallet.address)?.contentTopic
+    ).toEqual(TOPICS[1])
+
+    // Should return both results
+    expect(keyManager.getAllByWalletAddress(senderWallet.address)).toHaveLength(
+      2
+    )
+
+    // It should still be possible to look up the older topic using the topic name directly
+    expect(keyManager.getByTopic(TOPICS[0])?.topicKey.keyMaterial).toEqual(
+      record1.keyMaterial
+    )
+  })
+
+  it('cannot add multiple records for the same topic', async () => {
+    const senderWallet = newWallet()
+    const sender = (
+      await PrivateKeyBundle.generate(senderWallet)
+    ).getPublicKeyBundle()
+
+    keyManager.addDirectMessageTopic(
+      TOPICS[0],
+      createTopicKeyRecord([sender]),
+      sender,
+      new Date()
+    )
+
+    expect(() =>
+      keyManager.addDirectMessageTopic(
+        TOPICS[0],
+        createTopicKeyRecord([sender]),
+        sender,
+        new Date()
+      )
+    ).toThrow(DuplicateTopicError)
+  })
+})
