fix: make SIWE default to EIP55 #193
Conversation
| @@ -78,7 +78,7 @@ async function createCACAO( | |||
| resources: opts.resources, | |||
| }) | |||
| const signature = await safeSend(ethProvider, 'personal_sign', [ | |||
| encodeHexStr(siweMessage.signMessage()), | |||
| encodeHexStr(siweMessage.signMessage({ eip55: true })), | |||
There was a problem hiding this comment.
I thought line https://github.com/ceramicnetwork/js-did/pull/193/files#diff-d2c60f04e1dcb4772ca82cf036d7f3826d992a107c54b8ff1e844128fb091189R99 was the issue with the casing of the address?
What you are signing might be modified to be eip55 but the message itself doesn't seem to have the casing.
Or am I mistaken?
There was a problem hiding this comment.
Also this -
...?There was a problem hiding this comment.
So this get's a bit complicated because Ceramic needs the DID in lowercase format for the controller of any given stream.
The .signMessage is badly named. It really just returns the messaged to be sent to the wallet and signed. You can see the implementation accepts the eip55 parameter here:
js-did/packages/cacao/src/siwx/siwe.ts
Lines 28 to 43 in 3a8ad6d
There was a problem hiding this comment.
Ok. So I would use toMessageEip55() to get the string with the correct casing.
The signature associated with the SiweMessage object used for the session, did that use lower case for the address when signing the string, or does it use the EIP-55 format?
There was a problem hiding this comment.
Yes, and toMessageEip55() in turn uses checksumAddress from the viem package.
The string that gets sent to the wallet for signing should be a valid SIWE message, i.e. use eip55 encoding for the address.
There was a problem hiding this comment.
I switched to using toMessageEip55() but now there is a signature mismatch with the signature on the SIWE message object.
Here is the code I use to get the information from the DID session:
const session = await DIDSession.fromSession(sessionStr);
const message = SiweMessage.fromCacao(session.cacao);
const messageStr = message.toMessageEip55();
const signature = message.signature;Later on when validating the signature with the message, the validation fails:
error: SiweError
expected: "0xf9B4Fbf41C540ba28491a5B9EFD9BbcaBaaa95d3"
received: "Resolved address to be 0x2d1F436Ce1A7Ca3959f23D90981B2e65f46629e6"
type: "Signature does not match address of the message."
There was a problem hiding this comment.
@derekpierre Why are you calling .toMessageEip55() separately? Maybe if you want to share more of your code I can help to see what's going wrong?
There was a problem hiding this comment.
Ah, it was an old dependency. It works now!
I call .toMessageEip55() because I'm trying to reuse the same SIWE message string and signature that Ceramic stores in the DIDSession. This message/signature combination is passed to TACo nodes as proof of ownership of a wallet - so instead of generating a separate one, we just reuse Ceramic's as a single sign-on type of functionality.
There was a problem hiding this comment.
Ok, glad you got it working. Let us know if you run into any other issues!
A while back we updated the
@didtools/cacaopackage to be able to verify SIWE messages with both eip55 encoded ethereum addresses as well as lower case ones. This is because the SIWE spec requires the address to be eip55. We needed to roll this change out to@ceramicnetwork/*packages before we could change the default behavior to sign eip55 messages from the pkh-ethereum package. This PR makes this change.