Merge pull request #49 from xmtp/human-friendly-sig-requests

snormore · web-flow · commit df9bdee7c620 · 2022-02-11T14:30:46.000-05:00
Human friendly signature requests
diff --git a/src/crypto/PrivateKeyBundle.ts b/src/crypto/PrivateKeyBundle.ts
@@ -4,7 +4,7 @@ import PublicKey from './PublicKey'
 import PublicKeyBundle from './PublicKeyBundle'
 import Ciphertext from './Ciphertext'
 import * as ethers from 'ethers'
-import { getRandomValues, hexToBytes } from './utils'
+import { bytesToHex, getRandomValues, hexToBytes } from './utils'
 import { decrypt, encrypt } from './encryption'
 import { NoMatchingPreKeyError } from './errors'
 
@@ -98,6 +98,19 @@ export default class PrivateKeyBundle implements proto.PrivateKeyBundle {
     return secret
   }
 
+  static storageSigRequestText(preKey: Uint8Array): string {
+    // Note that an update to this signature request text will require
+    // addition of backward compatability for existing encrypted bundles
+    // and/or a migration; otherwise clients will no longer be able to
+    // decrypt those bundles.
+    return (
+      'XMTP : Enable Identity\n' +
+      `${bytesToHex(preKey)}\n` +
+      '\n' +
+      'For more info: https://xmtp.org/signatures/'
+    )
+  }
+
   // encrypts/serializes the bundle for storage
   async encode(wallet: ethers.Signer): Promise<Uint8Array> {
     // serialize the contents
@@ -112,7 +125,9 @@ export default class PrivateKeyBundle implements proto.PrivateKeyBundle {
       preKeys: this.preKeys,
     }).finish()
     const wPreKey = getRandomValues(new Uint8Array(32))
-    const secret = hexToBytes(await wallet.signMessage(wPreKey))
+    const secret = hexToBytes(
+      await wallet.signMessage(PrivateKeyBundle.storageSigRequestText(wPreKey))
+    )
     const ciphertext = await encrypt(bytes, secret)
     return proto.EncryptedPrivateKeyBundle.encode({
       walletPreKey: wPreKey,
@@ -129,7 +144,11 @@ export default class PrivateKeyBundle implements proto.PrivateKeyBundle {
     if (!encrypted.walletPreKey) {
       throw new Error('missing wallet pre-key')
     }
-    const secret = hexToBytes(await wallet.signMessage(encrypted.walletPreKey))
+    const secret = hexToBytes(
+      await wallet.signMessage(
+        PrivateKeyBundle.storageSigRequestText(encrypted.walletPreKey)
+      )
+    )
     if (!encrypted.ciphertext?.aes256GcmHkdfSha256) {
       throw new Error('missing bundle ciphertext')
     }
diff --git a/src/crypto/PublicKey.ts b/src/crypto/PublicKey.ts
@@ -1,7 +1,7 @@
 import * as proto from '../../src/proto/messaging'
 import * as secp from '@noble/secp256k1'
 import Signature from './Signature'
-import { hexToBytes } from './utils'
+import { bytesToHex, hexToBytes } from './utils'
 import * as ethers from 'ethers'
 import { sha256 } from './encryption'
 
@@ -63,6 +63,19 @@ export default class PublicKey implements proto.PublicKey {
     }).finish()
   }
 
+  identitySigRequestText(): string {
+    // Note that an update to this signature request text will require
+    // addition of backward compatability for existing signatures
+    // and/or a migration; otherwise clients will fail to verify previously
+    // signed keys.
+    return (
+      'XMTP : Create Identity\n' +
+      `${bytesToHex(this.bytesToSign())}\n` +
+      '\n' +
+      'For more info: https://xmtp.org/signatures/'
+    )
+  }
+
   // verify that the provided PublicKey was signed by the corresponding PrivateKey
   async verifyKey(pub: PublicKey): Promise<boolean> {
     if (typeof pub.signature === undefined) {
@@ -80,7 +93,7 @@ export default class PublicKey implements proto.PublicKey {
     if (!this.secp256k1Uncompressed) {
       throw new Error('missing public key')
     }
-    const sigString = await wallet.signMessage(this.bytesToSign())
+    const sigString = await wallet.signMessage(this.identitySigRequestText())
     const eSig = ethers.utils.splitSignature(sigString)
     const r = hexToBytes(eSig.r)
     const s = hexToBytes(eSig.s)
@@ -104,7 +117,9 @@ export default class PublicKey implements proto.PublicKey {
     if (!this.secp256k1Uncompressed) {
       throw new Error('missing public key')
     }
-    const digest = hexToBytes(ethers.utils.hashMessage(this.bytesToSign()))
+    const digest = hexToBytes(
+      ethers.utils.hashMessage(this.identitySigRequestText())
+    )
     const pk = this.signature.getPublicKey(digest)
     if (!pk) {
       throw new Error('key was not signed by a wallet')
diff --git a/test/crypto/PrivateKeyBundle.test.ts b/test/crypto/PrivateKeyBundle.test.ts
@@ -0,0 +1,60 @@
+import * as assert from 'assert'
+import { PrivateKey, PrivateKeyBundle } from '../../src/crypto'
+import * as ethers from 'ethers'
+import { bytesToHex, getRandomValues, hexToBytes } from '../../src/crypto/utils'
+
+describe('Crypto', function () {
+  describe('PrivateKeyBundle', function () {
+    it('encrypts private key bundle for storage using a wallet', async function () {
+      // create a wallet using a generated key
+      const bobPri = PrivateKey.generate()
+      assert.ok(bobPri.secp256k1)
+      const wallet = new ethers.Wallet(bobPri.secp256k1.bytes)
+      // generate key bundle
+      const bob = await PrivateKeyBundle.generate(wallet)
+      // encrypt and serialize the bundle for storage
+      const bytes = await bob.encode(wallet)
+      // decrypt and decode the bundle from storage
+      const bobDecoded = await PrivateKeyBundle.decode(wallet, bytes)
+      assert.ok(bob.identityKey)
+      assert.ok(bobDecoded.identityKey)
+      assert.ok(bob.identityKey.publicKey.signature)
+      assert.ok(bobDecoded.identityKey.publicKey.signature)
+      assert.deepEqual(
+        bob.identityKey.publicKey.signature?.ecdsaCompact?.bytes,
+        bobDecoded.identityKey.publicKey.signature?.ecdsaCompact?.bytes
+      )
+      assert.ok(bob.identityKey.secp256k1)
+      assert.ok(bobDecoded.identityKey.secp256k1)
+      assert.deepEqual(
+        bob.identityKey.secp256k1.bytes,
+        bobDecoded.identityKey.secp256k1.bytes
+      )
+      assert.ok(bob.preKeys[0].secp256k1)
+      assert.ok(bobDecoded.preKeys[0].secp256k1)
+      assert.deepEqual(
+        bob.preKeys[0].secp256k1.bytes,
+        bobDecoded.preKeys[0].secp256k1.bytes
+      )
+    })
+
+    it('human-friendly storage signature request text', async function () {
+      const pri = PrivateKey.fromBytes(
+        hexToBytes(
+          '08aaa9dad3ed2f12220a206fd789a6ee2376bb6595b4ebace57c7a79e6e4f1f12c8416d611399eda6c74cb1a4c08aaa9dad3ed2f1a430a4104e208133ea0973a9968fe5362e5ac0a8bbbe2aa16d796add31f3d027a1b894389873d7f282163bceb1fc3ca60d589d1e667956c40fed4cdaa7edc1392d2100b8a'
+        )
+      )
+      assert.ok(pri.secp256k1)
+      const wallet = new ethers.Wallet(pri.secp256k1.bytes)
+      const bundle = await PrivateKeyBundle.generate(wallet)
+      const preKey = hexToBytes(
+        'f51bd1da9ec2239723ae2cf6a9f8d0ac37546b27e634002c653d23bacfcc67ad'
+      )
+      const actual = PrivateKeyBundle.storageSigRequestText(preKey)
+      const expected =
+        'XMTP : Enable Identity\nf51bd1da9ec2239723ae2cf6a9f8d0ac37546b27e634002c653d23bacfcc67ad\n\nFor more info: https://xmtp.org/signatures/'
+      assert.equal(actual, expected)
+      assert.ok(true)
+    })
+  })
+})
diff --git a/test/crypto/PublicKey.test.ts b/test/crypto/PublicKey.test.ts
@@ -0,0 +1,48 @@
+import * as assert from 'assert'
+import { PrivateKey, PublicKey, utils } from '../../src/crypto'
+import * as ethers from 'ethers'
+import { bytesToHex, hexToBytes } from '../../src/crypto/utils'
+
+describe('Crypto', function () {
+  describe('PublicKey', function () {
+    it('derives address from public key', function () {
+      // using the sample from https://kobl.one/blog/create-full-ethereum-keypair-and-address/
+      const bytes = utils.hexToBytes(
+        '04836b35a026743e823a90a0ee3b91bf615c6a757e2b60b9e1dc1826fd0dd16106f7bc1e8179f665015f43c6c81f39062fc2086ed849625c06e04697698b21855e'
+      )
+      const pub = new PublicKey({
+        secp256k1Uncompressed: { bytes },
+        timestamp: new Date().getTime(),
+      })
+      const address = pub.getEthereumAddress()
+      assert.equal(address, '0x0BED7ABd61247635c1973eB38474A2516eD1D884')
+    })
+
+    it('human-friendly identity key signature request', async function () {
+      const alice = PrivateKey.fromBytes(
+        hexToBytes(
+          '08aaa9dad3ed2f12220a206fd789a6ee2376bb6595b4ebace57c7a79e6e4f1f12c8416d611399eda6c74cb1a4c08aaa9dad3ed2f1a430a4104e208133ea0973a9968fe5362e5ac0a8bbbe2aa16d796add31f3d027a1b894389873d7f282163bceb1fc3ca60d589d1e667956c40fed4cdaa7edc1392d2100b8a'
+        )
+      )
+      const actual = alice.publicKey.identitySigRequestText()
+      const expected =
+        'XMTP : Create Identity\n08aaa9dad3ed2f1a430a4104e208133ea0973a9968fe5362e5ac0a8bbbe2aa16d796add31f3d027a1b894389873d7f282163bceb1fc3ca60d589d1e667956c40fed4cdaa7edc1392d2100b8a\n\nFor more info: https://xmtp.org/signatures/'
+      assert.equal(actual, expected)
+    })
+
+    it('signs keys using a wallet', async function () {
+      // create a wallet using a generated key
+      const alice = PrivateKey.generate()
+      assert.ok(alice.secp256k1)
+      const wallet = new ethers.Wallet(alice.secp256k1.bytes)
+      // sanity check that we agree with the wallet about the address
+      assert.ok(wallet.address, alice.publicKey.getEthereumAddress())
+      // sign the public key using the wallet
+      await alice.publicKey.signWithWallet(wallet)
+      assert.ok(alice.publicKey.signature)
+      // validate the key signature and return wallet address
+      const address = alice.publicKey.walletSignatureAddress()
+      assert.equal(address, wallet.address)
+    })
+  })
+})
diff --git a/test/crypto/index.test.ts b/test/crypto/index.test.ts
@@ -62,18 +62,6 @@ describe('Crypto', function () {
       pri.publicKey.secp256k1Uncompressed.bytes
     )
   })
-  it('derives address from public key', function () {
-    // using the sample from https://kobl.one/blog/create-full-ethereum-keypair-and-address/
-    const bytes = utils.hexToBytes(
-      '04836b35a026743e823a90a0ee3b91bf615c6a757e2b60b9e1dc1826fd0dd16106f7bc1e8179f665015f43c6c81f39062fc2086ed849625c06e04697698b21855e'
-    )
-    const pub = new PublicKey({
-      secp256k1Uncompressed: { bytes },
-      timestamp: new Date().getTime(),
-    })
-    const address = pub.getEthereumAddress()
-    assert.equal(address, '0x0BED7ABd61247635c1973eB38474A2516eD1D884')
-  })
   it('encrypts and decrypts payload with key bundles', async function () {
     const alice = await PrivateKeyBundle.generate()
     const bob = await PrivateKeyBundle.generate()
@@ -99,49 +87,4 @@ describe('Crypto', function () {
     assert.ok(pub2.preKey)
     assert.ok(pub2.identityKey.verifyKey(pub2.preKey))
   })
-  it('signs keys using a wallet', async function () {
-    // create a wallet using a generated key
-    const alice = PrivateKey.generate()
-    assert.ok(alice.secp256k1)
-    const wallet = new ethers.Wallet(alice.secp256k1.bytes)
-    // sanity check that we agree with the wallet about the address
-    assert.ok(wallet.address, alice.publicKey.getEthereumAddress())
-    // sign the public key using the wallet
-    await alice.publicKey.signWithWallet(wallet)
-    // validate the key signature and return wallet address
-    const address = alice.publicKey.walletSignatureAddress()
-    assert.equal(address, wallet.address)
-  })
-  it('encrypts private key bundle for storage using a wallet', async function () {
-    // create a wallet using a generated key
-    const alice = PrivateKey.generate()
-    assert.ok(alice.secp256k1)
-    const wallet = new ethers.Wallet(alice.secp256k1.bytes)
-    // generate key bundle
-    const bob = await PrivateKeyBundle.generate(wallet)
-    // encrypt and serialize the bundle for storage
-    const bytes = await bob.encode(wallet)
-    // decrypt and decode the bundle from storage
-    const bobDecoded = await PrivateKeyBundle.decode(wallet, bytes)
-    assert.ok(bob.identityKey)
-    assert.ok(bobDecoded.identityKey)
-    assert.ok(bob.identityKey.publicKey.signature)
-    assert.ok(bobDecoded.identityKey.publicKey.signature)
-    assert.deepEqual(
-      bob.identityKey.publicKey.signature?.ecdsaCompact?.bytes,
-      bobDecoded.identityKey.publicKey.signature?.ecdsaCompact?.bytes
-    )
-    assert.ok(bob.identityKey.secp256k1)
-    assert.ok(bobDecoded.identityKey.secp256k1)
-    assert.deepEqual(
-      bob.identityKey.secp256k1.bytes,
-      bobDecoded.identityKey.secp256k1.bytes
-    )
-    assert.ok(bob.preKeys[0].secp256k1)
-    assert.ok(bobDecoded.preKeys[0].secp256k1)
-    assert.deepEqual(
-      bob.preKeys[0].secp256k1.bytes,
-      bobDecoded.preKeys[0].secp256k1.bytes
-    )
-  })
 })
