From 1d7faad5f4eb112f966b67ff62bb711294d4fca6 Mon Sep 17 00:00:00 2001 From: Dakota Brink Date: Thu, 26 Sep 2024 10:58:07 -0500 Subject: [PATCH 01/21] SCW Verification request --- proto/mls_validation/v1/service.proto | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/proto/mls_validation/v1/service.proto b/proto/mls_validation/v1/service.proto index 61d994e..681a6a4 100644 --- a/proto/mls_validation/v1/service.proto +++ b/proto/mls_validation/v1/service.proto @@ -3,6 +3,7 @@ syntax = "proto3"; package xmtp.mls_validation.v1; import "identity/associations/association.proto"; +import "identity/associations/signature.proto"; import "identity/credential.proto"; option go_package = "github.com/xmtp/proto/v3/go/mls_validation/v1"; @@ -18,6 +19,22 @@ service ValidationApi { // Validates InboxID key packages and returns credential information for them, without checking // whether an InboxId <> InstallationPublicKey pair is really valid. rpc ValidateInboxIdKeyPackages(ValidateInboxIdKeyPackagesRequest) returns (ValidateInboxIdKeyPackagesResponse) {} + + // Verifies smart contracts + rpc VerifySmartContractWalletSignatures(VerifySmartContractWalletSignaturesRequest) returns (VerifySmartContractWalletSignaturesResponse) {} +} + +message VerifySmartContractWalletSignaturesRequest { + repeated Signature signatures = 1; +} + +message VerifySmartContractWalletSignaturesResponse { + message ValidationResponse { + bool is_ok = 1; + string error_message = 2; + } + + repeated ValidationResponse responses = 1; } // Contains a batch of serialized Key Packages From 86bc5e757913be3a4cefb83413a140eefc303f44 Mon Sep 17 00:00:00 2001 From: Dakota Brink Date: Thu, 26 Sep 2024 11:06:33 -0500 Subject: [PATCH 02/21] fix --- proto/mls_validation/v1/service.proto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proto/mls_validation/v1/service.proto b/proto/mls_validation/v1/service.proto index 681a6a4..8ec5691 100644 --- a/proto/mls_validation/v1/service.proto +++ b/proto/mls_validation/v1/service.proto @@ -25,7 +25,7 @@ service ValidationApi { } message VerifySmartContractWalletSignaturesRequest { - repeated Signature signatures = 1; + repeated xmtp.identity.associations.Signature signatures = 1; } message VerifySmartContractWalletSignaturesResponse { From 3e2df2c9b30a28a584880f12f444955403bc8aba Mon Sep 17 00:00:00 2001 From: Nicholas Molnar <65710+neekolas@users.noreply.github.com> Date: Thu, 26 Sep 2024 11:34:29 -0500 Subject: [PATCH 03/21] Revert "Remove defunct protos" --- dev/kotlin/generate | 4 +- dev/ts/generate | 2 + proto/mls/api/v1/mls.proto | 92 +++++++++++++++++++- proto/mls/message_contents/association.proto | 54 ++++++++++++ proto/mls/message_contents/credential.proto | 31 +++++++ proto/mls_validation/v1/service.proto | 71 ++++++++++++--- proto/xmtpv4/message_api/message_api.proto | 4 +- ts/index.ts | 2 + 8 files changed, 242 insertions(+), 18 deletions(-) create mode 100644 proto/mls/message_contents/association.proto create mode 100644 proto/mls/message_contents/credential.proto diff --git a/dev/kotlin/generate b/dev/kotlin/generate index ccbbb35..222ec90 100755 --- a/dev/kotlin/generate +++ b/dev/kotlin/generate @@ -48,4 +48,6 @@ docker run --platform linux/x86_64 --rm -i -v${PWD}:/code xmtp/protoc-kotlin \ mls/message_contents/group_metadata.proto \ mls/message_contents/group_mutable_metadata.proto \ mls/message_contents/content.proto \ - mls/message_contents/transcript_messages.proto \ No newline at end of file + mls/message_contents/transcript_messages.proto \ + mls/message_contents/credential.proto \ + mls/message_contents/association.proto \ No newline at end of file diff --git a/dev/ts/generate b/dev/ts/generate index e618bfe..5f644cf 100755 --- a/dev/ts/generate +++ b/dev/ts/generate @@ -39,7 +39,9 @@ docker run --rm -i -v${PWD}:/code xmtp/protoc \ message_contents/ecies.proto \ mls/api/v1/mls.proto \ mls/database/intents.proto \ + mls/message_contents/association.proto \ mls/message_contents/content.proto \ + mls/message_contents/credential.proto \ mls/message_contents/group_membership.proto \ mls/message_contents/group_metadata.proto \ mls/message_contents/group_mutable_metadata.proto \ diff --git a/proto/mls/api/v1/mls.proto b/proto/mls/api/v1/mls.proto index b382f4b..42865cb 100644 --- a/proto/mls/api/v1/mls.proto +++ b/proto/mls/api/v1/mls.proto @@ -4,15 +4,16 @@ package xmtp.mls.api.v1; import "google/api/annotations.proto"; import "google/protobuf/empty.proto"; +import "message_contents/signature.proto"; import "protoc-gen-openapiv2/options/annotations.proto"; option go_package = "github.com/xmtp/proto/v3/go/mls/api/v1"; option java_package = "org.xmtp.proto.mls.api.v1"; option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = { info: { - title: "MlsApi" - version: "1.0" - } + title: "MlsApi"; + version: "1.0"; + }; }; // RPCs for the new MLS API @@ -34,6 +35,14 @@ service MlsApi { }; } + // Register a new installation, which would be validated before storage + rpc RegisterInstallation(RegisterInstallationRequest) returns (RegisterInstallationResponse) { + option (google.api.http) = { + post: "/mls/v1/register-installation" + body: "*" + }; + } + // Upload a new KeyPackage, which would be validated before storage rpc UploadKeyPackage(UploadKeyPackageRequest) returns (google.protobuf.Empty) { option (google.api.http) = { @@ -50,6 +59,25 @@ service MlsApi { }; } + // Would delete all key packages associated with the installation and mark + // the installation as having been revoked + rpc RevokeInstallation(RevokeInstallationRequest) returns (google.protobuf.Empty) { + option (google.api.http) = { + post: "/mls/v1/revoke-installation" + body: "*" + }; + } + + // Used to check for changes related to members of a group. + // Would return an array of any new installations associated with the wallet + // address, and any revocations that have happened. + rpc GetIdentityUpdates(GetIdentityUpdatesRequest) returns (GetIdentityUpdatesResponse) { + option (google.api.http) = { + post: "/mls/v1/get-identity-updates" + body: "*" + }; + } + // Query stored group messages rpc QueryGroupMessages(QueryGroupMessagesRequest) returns (QueryGroupMessagesResponse) { option (google.api.http) = { @@ -162,6 +190,18 @@ message KeyPackageUpload { bytes key_package_tls_serialized = 1; } +// Register a new installation +message RegisterInstallationRequest { + // The Key Package contains all information needed to register an installation + KeyPackageUpload key_package = 1; + bool is_inbox_id_credential= 2; +} + +// The response to a RegisterInstallationRequest +message RegisterInstallationResponse { + bytes installation_key = 1; +} + // Upload a new key packages message UploadKeyPackageRequest { // An individual key package upload request @@ -190,6 +230,52 @@ message FetchKeyPackagesResponse { repeated KeyPackage key_packages = 1; } +// Revoke an installation +message RevokeInstallationRequest { + bytes installation_key = 1; + // All revocations must be validated with a wallet signature over the + // installation_id being revoked (and some sort of standard prologue) + xmtp.message_contents.Signature wallet_signature = 2; +} + +// Get all updates for an identity since the specified time +message GetIdentityUpdatesRequest { + repeated string account_addresses = 1; + uint64 start_time_ns = 2; +} + +// Used to get any new or revoked installations for a list of wallet addresses +message GetIdentityUpdatesResponse { + // A new installation key was seen for the first time by the nodes + message NewInstallationUpdate { + bytes installation_key = 1; + bytes credential_identity = 2; + } + + // An installation was revoked + message RevokedInstallationUpdate { + bytes installation_key = 1; + } + + // A wrapper for any update to the wallet + message Update { + uint64 timestamp_ns = 1; + oneof kind { + NewInstallationUpdate new_installation = 2; + RevokedInstallationUpdate revoked_installation = 3; + } + } + + // A wrapper for the updates for a single wallet + message WalletUpdates { + repeated Update updates = 1; + } + + // A list of updates (or empty objects if no changes) in the original order + // of the request + repeated WalletUpdates updates = 1; +} + // Sort direction for queries enum SortDirection { SORT_DIRECTION_UNSPECIFIED = 0; diff --git a/proto/mls/message_contents/association.proto b/proto/mls/message_contents/association.proto new file mode 100644 index 0000000..b18ab67 --- /dev/null +++ b/proto/mls/message_contents/association.proto @@ -0,0 +1,54 @@ +// Associations and signatures +syntax = "proto3"; + +package xmtp.mls.message_contents; + +import "message_contents/public_key.proto"; + +option go_package = "github.com/xmtp/proto/v3/go/mls/message_contents"; +option java_package = "org.xmtp.proto.mls.message.contents"; + +// Allows for us to update the format of the association text without +// incrementing the entire proto +enum AssociationTextVersion { + ASSOCIATION_TEXT_VERSION_UNSPECIFIED = 0; + ASSOCIATION_TEXT_VERSION_1 = 1; +} + +// Used for "Grant Messaging Access" associations +message GrantMessagingAccessAssociation { + AssociationTextVersion association_text_version = 1; + RecoverableEcdsaSignature signature = 2; // EIP-191 signature + string account_address = 3; + uint64 created_ns = 4; +} + +// Used for "Revoke Messaging Access" associations +message RevokeMessagingAccessAssociation { + AssociationTextVersion association_text_version = 1; + RecoverableEcdsaSignature signature = 2; // EIP-191 signature + string account_address = 3; + uint64 created_ns = 4; +} + +// LegacyCreateIdentityAssociation is used when a v3 installation key +// is signed by a v2 identity key, which in turn is signed via a +// 'CreateIdentity' wallet signature +message LegacyCreateIdentityAssociation { + // Signs SHA-256 hash of installation key + RecoverableEcdsaSignature signature = 1; + // created_ns is encoded inside serialized key, account_address is recoverable + // from the SignedPublicKey signature + xmtp.message_contents.SignedPublicKey signed_legacy_create_identity_key = 2; +} + +// RecoverableEcdsaSignature +message RecoverableEcdsaSignature { + // 65-bytes [ R || S || V ], with recovery id as the last byte + bytes bytes = 1; +} + +// EdDSA signature bytes matching RFC 8032 +message EdDsaSignature { + bytes bytes = 1; +} diff --git a/proto/mls/message_contents/credential.proto b/proto/mls/message_contents/credential.proto new file mode 100644 index 0000000..69cee17 --- /dev/null +++ b/proto/mls/message_contents/credential.proto @@ -0,0 +1,31 @@ +// Credentials and revocations +syntax = "proto3"; + +package xmtp.mls.message_contents; + +import "mls/message_contents/association.proto"; + +option go_package = "github.com/xmtp/proto/v3/go/mls/message_contents"; +option java_package = "org.xmtp.proto.mls.message.contents"; + +// A credential that can be used in MLS leaf nodes +message MlsCredential { + bytes installation_public_key = 1; + oneof association { + GrantMessagingAccessAssociation messaging_access = 2; + LegacyCreateIdentityAssociation legacy_create_identity = 3; + } +} + +// A declaration and proof that a credential is no longer valid +message CredentialRevocation { + oneof public_key { + // The 'installation_public_key' field of the MlsCredential proto + bytes installation_key = 1; + // The 'key_bytes' field of the legacy SignedPublicKey proto + bytes unsigned_legacy_create_identity_key = 2; + } + oneof association { + RevokeMessagingAccessAssociation messaging_access = 3; + } +} diff --git a/proto/mls_validation/v1/service.proto b/proto/mls_validation/v1/service.proto index 61d994e..3842f8c 100644 --- a/proto/mls_validation/v1/service.proto +++ b/proto/mls_validation/v1/service.proto @@ -9,19 +9,40 @@ option go_package = "github.com/xmtp/proto/v3/go/mls_validation/v1"; // RPCs for the new MLS API service ValidationApi { + // Validates and parses a batch of key packages and returns relevant details + rpc ValidateKeyPackages(ValidateKeyPackagesRequest) returns (ValidateKeyPackagesResponse) {} + // Validates and parses a group message and returns relevant details rpc ValidateGroupMessages(ValidateGroupMessagesRequest) returns (ValidateGroupMessagesResponse) {} - + // Gets the final association state for a batch of identity updates rpc GetAssociationState(GetAssociationStateRequest) returns (GetAssociationStateResponse) {} - + // Validates InboxID key packages and returns credential information for them, without checking // whether an InboxId <> InstallationPublicKey pair is really valid. - rpc ValidateInboxIdKeyPackages(ValidateInboxIdKeyPackagesRequest) returns (ValidateInboxIdKeyPackagesResponse) {} + rpc ValidateInboxIdKeyPackages(ValidateKeyPackagesRequest) returns (ValidateInboxIdKeyPackagesResponse) {} + + // Validate an InboxID Key Package + // need public key possibly + rpc ValidateInboxIds(ValidateInboxIdsRequest) returns (ValidateInboxIdsResponse) {} +} + +// Validates a Inbox-ID Key Package Type +message ValidateInboxIdKeyPackagesResponse { + // one response corresponding to information about one key package + message Response { + bool is_ok = 1; + string error_message = 2; + xmtp.identity.MlsCredential credential = 3; + bytes installation_public_key = 4; + uint64 expiration = 5; + } + + repeated Response responses = 1; } // Contains a batch of serialized Key Packages -message ValidateInboxIdKeyPackagesRequest { +message ValidateKeyPackagesRequest { // Wrapper for each key package message KeyPackage { bytes key_package_bytes_tls_serialized = 1; @@ -31,18 +52,19 @@ message ValidateInboxIdKeyPackagesRequest { repeated KeyPackage key_packages = 1; } -// Validates a Inbox-ID Key Package Type -message ValidateInboxIdKeyPackagesResponse { - // one response corresponding to information about one key package - message Response { +// Response to ValidateKeyPackagesRequest +message ValidateKeyPackagesResponse { + // An individual response to one key package + message ValidationResponse { bool is_ok = 1; string error_message = 2; - xmtp.identity.MlsCredential credential = 3; - bytes installation_public_key = 4; - uint64 expiration = 5; + bytes installation_id = 3; + string account_address = 4; + bytes credential_identity_bytes = 5; + uint64 expiration = 6; } - repeated Response responses = 1; + repeated ValidationResponse responses = 1; } // Contains a batch of serialized Group Messages @@ -80,3 +102,28 @@ message GetAssociationStateResponse { xmtp.identity.associations.AssociationState association_state = 1; xmtp.identity.associations.AssociationStateDiff state_diff = 2; } + +// Request to validate an InboxID with the backend service. Ensures an Inbox Id <> Installation key are valid. +message ValidateInboxIdsRequest { + // a single validation request + message ValidationRequest { + xmtp.identity.MlsCredential credential = 1; + bytes installation_public_key = 2; + repeated xmtp.identity.associations.IdentityUpdate identity_updates = 3; + } + + // list of validation requests + repeated ValidationRequest requests = 1; +} + +// Response to ValidateInboxIdRequest +message ValidateInboxIdsResponse { + // a single validation response + message ValidationResponse { + bool is_ok = 1; + string error_message = 2; + string inbox_id = 3; + } + // List of validation responses + repeated ValidationResponse responses = 1; +} diff --git a/proto/xmtpv4/message_api/message_api.proto b/proto/xmtpv4/message_api/message_api.proto index 70e371d..e69f76c 100644 --- a/proto/xmtpv4/message_api/message_api.proto +++ b/proto/xmtpv4/message_api/message_api.proto @@ -4,7 +4,6 @@ syntax = "proto3"; package xmtp.xmtpv4; import "google/api/annotations.proto"; -import "identity/associations/association.proto"; import "identity/associations/signature.proto"; import "mls/api/v1/mls.proto"; @@ -27,8 +26,9 @@ message ClientEnvelope { oneof payload { xmtp.mls.api.v1.GroupMessageInput group_message = 1; xmtp.mls.api.v1.WelcomeMessageInput welcome_message = 2; - xmtp.identity.associations.IdentityUpdate identity_update = 3; + xmtp.mls.api.v1.RegisterInstallationRequest register_installation = 3; xmtp.mls.api.v1.UploadKeyPackageRequest upload_key_package = 4; + xmtp.mls.api.v1.RevokeInstallationRequest revoke_installation = 5; } AuthenticatedData aad = 6; } diff --git a/ts/index.ts b/ts/index.ts index 3a3002f..74a4223 100644 --- a/ts/index.ts +++ b/ts/index.ts @@ -18,7 +18,9 @@ export * as signedPayload from "./message_contents/signed_payload.pb"; export * as ecies from "./message_contents/ecies.pb"; export * as mlsApi from "./mls/api/v1/mls.pb"; export * as mlsDatabaseIntent from "./mls/database/intents.pb"; +export * as mlsAssociation from "./mls/message_contents/association.pb"; export * as mlsContent from "./mls/message_contents/content.pb"; +export * as mlsCredential from "./mls/message_contents/credential.pb"; export * as mlsGroupMembership from "./mls/message_contents/group_membership.pb"; export * as mlsGroupMetadata from "./mls/message_contents/group_metadata.pb"; export * as mlsGroupMutableMetadata from "./mls/message_contents/group_mutable_metadata.pb"; From f71c8d38c92e59b76e58c9c34dbd2b9b35fc59cd Mon Sep 17 00:00:00 2001 From: Dakota Brink Date: Thu, 26 Sep 2024 11:51:50 -0500 Subject: [PATCH 04/21] add the api request --- proto/identity/api/v1/identity.proto | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/proto/identity/api/v1/identity.proto b/proto/identity/api/v1/identity.proto index ef4403e..3543cb7 100644 --- a/proto/identity/api/v1/identity.proto +++ b/proto/identity/api/v1/identity.proto @@ -43,6 +43,13 @@ service IdentityApi { body: "*" }; } + + rpc VerifySmartContractWalletSignatures(VerifySmartContractWalletSignaturesRequest) returns (VerifySmartContractWalletSignaturesResponse) { + option (google.api.http) = { + post: "/identity/v1/verify-smart-contract-wallet-signatures" + body: "*" + }; + } } // Publishes an identity update to the network From c648aef7869e5cff4f1ecc5625d5dd9c0cb8ee27 Mon Sep 17 00:00:00 2001 From: Dakota Brink Date: Thu, 26 Sep 2024 11:59:06 -0500 Subject: [PATCH 05/21] add types for identity requests --- proto/identity/api/v1/identity.proto | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/proto/identity/api/v1/identity.proto b/proto/identity/api/v1/identity.proto index 3543cb7..29fd81a 100644 --- a/proto/identity/api/v1/identity.proto +++ b/proto/identity/api/v1/identity.proto @@ -4,6 +4,7 @@ package xmtp.identity.api.v1; import "google/api/annotations.proto"; import "identity/associations/association.proto"; +import "identity/associations/signature.proto"; import "protoc-gen-openapiv2/options/annotations.proto"; option go_package = "github.com/xmtp/proto/v3/go/mls/api/v1"; @@ -52,6 +53,19 @@ service IdentityApi { } } +message VerifySmartContractWalletSignaturesRequest { + repeated xmtp.identity.associations.Signature signatures = 1; +} + +message VerifySmartContractWalletSignaturesResponse { + message ValidationResponse { + bool is_ok = 1; + string error_message = 2; + } + + repeated ValidationResponse responses = 1; + + // Publishes an identity update to the network message PublishIdentityUpdateRequest { xmtp.identity.associations.IdentityUpdate identity_update = 1; From 6e470df40426449c04112c79b139a5557d1ac793 Mon Sep 17 00:00:00 2001 From: Dakota Brink Date: Thu, 26 Sep 2024 12:01:13 -0500 Subject: [PATCH 06/21] missing bracket --- proto/identity/api/v1/identity.proto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proto/identity/api/v1/identity.proto b/proto/identity/api/v1/identity.proto index 29fd81a..6df2eaa 100644 --- a/proto/identity/api/v1/identity.proto +++ b/proto/identity/api/v1/identity.proto @@ -64,7 +64,7 @@ message VerifySmartContractWalletSignaturesResponse { } repeated ValidationResponse responses = 1; - +} // Publishes an identity update to the network message PublishIdentityUpdateRequest { From 2d6cfa033f28215be8318553d0e67792cfcea9cb Mon Sep 17 00:00:00 2001 From: Dakota Brink Date: Thu, 26 Sep 2024 14:34:42 -0500 Subject: [PATCH 07/21] SCW Signatures instead of generic signatures --- proto/identity/associations/signature.proto | 11 ++++++----- proto/mls_validation/v1/service.proto | 2 +- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/proto/identity/associations/signature.proto b/proto/identity/associations/signature.proto index 97a7ff0..bd4f207 100644 --- a/proto/identity/associations/signature.proto +++ b/proto/identity/associations/signature.proto @@ -27,12 +27,13 @@ message SmartContractWalletSignature { // CAIP-10 string // https://github.com/ChainAgnostic/CAIPs/blob/main/CAIPs/caip-10.md string account_id = 1; - // Specify the block number to verify the signature against - uint64 block_number = 2; // The actual signature bytes - bytes signature = 3; - // The RPC URL specifies a chain to verify the signature against - string chain_rpc_url = 4; + bytes signature = 2; + // The base 10 id of the EVM chain + uint64 chain_id = 3; + + // Specify the block number to verify the signature against + optional uint64 block_number = 4; } // An existing address on xmtpv2 may have already signed a legacy identity key diff --git a/proto/mls_validation/v1/service.proto b/proto/mls_validation/v1/service.proto index 63f639d..b60ea04 100644 --- a/proto/mls_validation/v1/service.proto +++ b/proto/mls_validation/v1/service.proto @@ -32,7 +32,7 @@ service ValidationApi { } message VerifySmartContractWalletSignaturesRequest { - repeated xmtp.identity.associations.Signature signatures = 1; + repeated xmtp.identity.associations.SmartContractWalletSignature signatures = 1; } message VerifySmartContractWalletSignaturesResponse { From a57ce2f651fba4f8f9887e6a9b6cfd31fc1350e2 Mon Sep 17 00:00:00 2001 From: Dakota Brink Date: Thu, 26 Sep 2024 14:51:10 -0500 Subject: [PATCH 08/21] require block number --- proto/identity/associations/signature.proto | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/proto/identity/associations/signature.proto b/proto/identity/associations/signature.proto index bd4f207..54447be 100644 --- a/proto/identity/associations/signature.proto +++ b/proto/identity/associations/signature.proto @@ -27,13 +27,14 @@ message SmartContractWalletSignature { // CAIP-10 string // https://github.com/ChainAgnostic/CAIPs/blob/main/CAIPs/caip-10.md string account_id = 1; + // Specify the block number to verify the signature against + uint64 block_number = 2; // The actual signature bytes - bytes signature = 2; + bytes signature = 3; // The base 10 id of the EVM chain - uint64 chain_id = 3; + uint64 chain_id = 4; + - // Specify the block number to verify the signature against - optional uint64 block_number = 4; } // An existing address on xmtpv2 may have already signed a legacy identity key From a7112229867e0d24bf6b2244727f3a4ecc61fd37 Mon Sep 17 00:00:00 2001 From: Dakota Brink Date: Thu, 26 Sep 2024 15:41:16 -0500 Subject: [PATCH 09/21] include the hash --- proto/identity/associations/signature.proto | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/proto/identity/associations/signature.proto b/proto/identity/associations/signature.proto index 54447be..9f893f9 100644 --- a/proto/identity/associations/signature.proto +++ b/proto/identity/associations/signature.proto @@ -33,8 +33,8 @@ message SmartContractWalletSignature { bytes signature = 3; // The base 10 id of the EVM chain uint64 chain_id = 4; - - + // A 32 byte hash + bytes hash = 5; } // An existing address on xmtpv2 may have already signed a legacy identity key From fdab3261e2192f009af80aabe31639a6eb567e10 Mon Sep 17 00:00:00 2001 From: Dakota Brink Date: Wed, 2 Oct 2024 10:17:23 -0400 Subject: [PATCH 10/21] not using the error msg --- proto/identity/api/v1/identity.proto | 3 +-- proto/mls_validation/v1/service.proto | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/proto/identity/api/v1/identity.proto b/proto/identity/api/v1/identity.proto index 6df2eaa..ea04331 100644 --- a/proto/identity/api/v1/identity.proto +++ b/proto/identity/api/v1/identity.proto @@ -59,8 +59,7 @@ message VerifySmartContractWalletSignaturesRequest { message VerifySmartContractWalletSignaturesResponse { message ValidationResponse { - bool is_ok = 1; - string error_message = 2; + bool is_valid = 1; } repeated ValidationResponse responses = 1; diff --git a/proto/mls_validation/v1/service.proto b/proto/mls_validation/v1/service.proto index b60ea04..187055f 100644 --- a/proto/mls_validation/v1/service.proto +++ b/proto/mls_validation/v1/service.proto @@ -37,8 +37,7 @@ message VerifySmartContractWalletSignaturesRequest { message VerifySmartContractWalletSignaturesResponse { message ValidationResponse { - bool is_ok = 1; - string error_message = 2; + bool is_valid = 1; } repeated ValidationResponse responses = 1; From 972119d11e0eb12aad49c25504576a9a1b0c6f24 Mon Sep 17 00:00:00 2001 From: Dakota Brink Date: Wed, 2 Oct 2024 11:54:42 -0400 Subject: [PATCH 11/21] update chain_id type --- proto/identity/associations/signature.proto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proto/identity/associations/signature.proto b/proto/identity/associations/signature.proto index 9f893f9..ac4b984 100644 --- a/proto/identity/associations/signature.proto +++ b/proto/identity/associations/signature.proto @@ -32,7 +32,7 @@ message SmartContractWalletSignature { // The actual signature bytes bytes signature = 3; // The base 10 id of the EVM chain - uint64 chain_id = 4; + string chain_id = 4; // A 32 byte hash bytes hash = 5; } From 438ac4ba2717fb2e7d49f7aa419e6deb57df8320 Mon Sep 17 00:00:00 2001 From: Dakota Brink Date: Wed, 2 Oct 2024 12:28:49 -0400 Subject: [PATCH 12/21] chain id is contained in account_id --- proto/identity/associations/signature.proto | 2 -- 1 file changed, 2 deletions(-) diff --git a/proto/identity/associations/signature.proto b/proto/identity/associations/signature.proto index ac4b984..c8bcf7f 100644 --- a/proto/identity/associations/signature.proto +++ b/proto/identity/associations/signature.proto @@ -31,8 +31,6 @@ message SmartContractWalletSignature { uint64 block_number = 2; // The actual signature bytes bytes signature = 3; - // The base 10 id of the EVM chain - string chain_id = 4; // A 32 byte hash bytes hash = 5; } From 86d2466e9cbc69b661b32dc35a1f2f6f4b645455 Mon Sep 17 00:00:00 2001 From: Dakota Brink Date: Wed, 2 Oct 2024 14:17:57 -0400 Subject: [PATCH 13/21] move the hash over to a request --- proto/identity/api/v1/identity.proto | 8 +++++++- proto/identity/associations/signature.proto | 2 -- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/proto/identity/api/v1/identity.proto b/proto/identity/api/v1/identity.proto index ea04331..a2629d9 100644 --- a/proto/identity/api/v1/identity.proto +++ b/proto/identity/api/v1/identity.proto @@ -54,7 +54,13 @@ service IdentityApi { } message VerifySmartContractWalletSignaturesRequest { - repeated xmtp.identity.associations.Signature signatures = 1; + repeated SignatureVerificationRequest signatures = 1; +} + +message SignatureVerificationRequest { + xmtp.identity.associations.Signature signature = 1; + // SHA256 hash of the signature payload + bytes hash = 5; } message VerifySmartContractWalletSignaturesResponse { diff --git a/proto/identity/associations/signature.proto b/proto/identity/associations/signature.proto index c8bcf7f..112ae1d 100644 --- a/proto/identity/associations/signature.proto +++ b/proto/identity/associations/signature.proto @@ -31,8 +31,6 @@ message SmartContractWalletSignature { uint64 block_number = 2; // The actual signature bytes bytes signature = 3; - // A 32 byte hash - bytes hash = 5; } // An existing address on xmtpv2 may have already signed a legacy identity key From d900601992594fab4d5d39451ec60f270683c957 Mon Sep 17 00:00:00 2001 From: Dakota Brink Date: Wed, 2 Oct 2024 14:31:39 -0400 Subject: [PATCH 14/21] reuse definitions --- proto/mls_validation/v1/service.proto | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/proto/mls_validation/v1/service.proto b/proto/mls_validation/v1/service.proto index 187055f..f0b106e 100644 --- a/proto/mls_validation/v1/service.proto +++ b/proto/mls_validation/v1/service.proto @@ -4,6 +4,7 @@ package xmtp.mls_validation.v1; import "identity/associations/association.proto"; import "identity/associations/signature.proto"; +import "identity/api/v1/identity.proto"; import "identity/credential.proto"; option go_package = "github.com/xmtp/proto/v3/go/mls_validation/v1"; @@ -28,19 +29,7 @@ service ValidationApi { rpc ValidateInboxIds(ValidateInboxIdsRequest) returns (ValidateInboxIdsResponse) {} // Verifies smart contracts - rpc VerifySmartContractWalletSignatures(VerifySmartContractWalletSignaturesRequest) returns (VerifySmartContractWalletSignaturesResponse) {} -} - -message VerifySmartContractWalletSignaturesRequest { - repeated xmtp.identity.associations.SmartContractWalletSignature signatures = 1; -} - -message VerifySmartContractWalletSignaturesResponse { - message ValidationResponse { - bool is_valid = 1; - } - - repeated ValidationResponse responses = 1; + rpc VerifySmartContractWalletSignatures(xmtp.identity.api.v1.VerifySmartContractWalletSignaturesRequest) returns (xmtp.identity.api.v1.VerifySmartContractWalletSignaturesResponse) {} } // Contains a batch of serialized Key Packages From fbfe8e3dcfc88cdfe59e5f0e5c39fbe93a454a29 Mon Sep 17 00:00:00 2001 From: Dakota Brink Date: Wed, 2 Oct 2024 14:42:51 -0400 Subject: [PATCH 15/21] small adjustment --- proto/identity/api/v1/identity.proto | 6 +++--- proto/mls_validation/v1/service.proto | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/proto/identity/api/v1/identity.proto b/proto/identity/api/v1/identity.proto index a2629d9..799a100 100644 --- a/proto/identity/api/v1/identity.proto +++ b/proto/identity/api/v1/identity.proto @@ -54,11 +54,11 @@ service IdentityApi { } message VerifySmartContractWalletSignaturesRequest { - repeated SignatureVerificationRequest signatures = 1; + repeated UnverifiedSmartContractWalletSignature signatures = 1; } -message SignatureVerificationRequest { - xmtp.identity.associations.Signature signature = 1; +message UnverifiedSmartContractWalletSignature { + xmtp.identity.associations.SmartContractWalletSignature scw_signature = 1; // SHA256 hash of the signature payload bytes hash = 5; } diff --git a/proto/mls_validation/v1/service.proto b/proto/mls_validation/v1/service.proto index f0b106e..c4f905a 100644 --- a/proto/mls_validation/v1/service.proto +++ b/proto/mls_validation/v1/service.proto @@ -29,6 +29,7 @@ service ValidationApi { rpc ValidateInboxIds(ValidateInboxIdsRequest) returns (ValidateInboxIdsResponse) {} // Verifies smart contracts + // This request is proxied from the node, so we'll reuse those messgaes. rpc VerifySmartContractWalletSignatures(xmtp.identity.api.v1.VerifySmartContractWalletSignaturesRequest) returns (xmtp.identity.api.v1.VerifySmartContractWalletSignaturesResponse) {} } From 7e4446e45c14b48615ff22b6665aa2f5469f695b Mon Sep 17 00:00:00 2001 From: Dakota Brink Date: Wed, 2 Oct 2024 15:28:46 -0400 Subject: [PATCH 16/21] lint --- proto/mls_validation/v1/service.proto | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/proto/mls_validation/v1/service.proto b/proto/mls_validation/v1/service.proto index c4f905a..d430a30 100644 --- a/proto/mls_validation/v1/service.proto +++ b/proto/mls_validation/v1/service.proto @@ -2,9 +2,9 @@ syntax = "proto3"; package xmtp.mls_validation.v1; +import "identity/api/v1/identity.proto"; import "identity/associations/association.proto"; import "identity/associations/signature.proto"; -import "identity/api/v1/identity.proto"; import "identity/credential.proto"; option go_package = "github.com/xmtp/proto/v3/go/mls_validation/v1"; @@ -30,7 +30,11 @@ service ValidationApi { // Verifies smart contracts // This request is proxied from the node, so we'll reuse those messgaes. - rpc VerifySmartContractWalletSignatures(xmtp.identity.api.v1.VerifySmartContractWalletSignaturesRequest) returns (xmtp.identity.api.v1.VerifySmartContractWalletSignaturesResponse) {} + rpc VerifySmartContractWalletSignatures( + xmtp.identity.api.v1.VerifySmartContractWalletSignaturesRequest + ) returns ( + xmtp.identity.api.v1.VerifySmartContractWalletSignaturesResponse + ) {} } // Contains a batch of serialized Key Packages From 4423d8368a55ecb840a241c31f34da6cfa7b2207 Mon Sep 17 00:00:00 2001 From: Dakota Brink Date: Wed, 2 Oct 2024 15:30:49 -0400 Subject: [PATCH 17/21] add a comment --- proto/identity/api/v1/identity.proto | 1 + 1 file changed, 1 insertion(+) diff --git a/proto/identity/api/v1/identity.proto b/proto/identity/api/v1/identity.proto index 799a100..ae933a2 100644 --- a/proto/identity/api/v1/identity.proto +++ b/proto/identity/api/v1/identity.proto @@ -45,6 +45,7 @@ service IdentityApi { }; } + // Verify an unverified smart contract wallet signature rpc VerifySmartContractWalletSignatures(VerifySmartContractWalletSignaturesRequest) returns (VerifySmartContractWalletSignaturesResponse) { option (google.api.http) = { post: "/identity/v1/verify-smart-contract-wallet-signatures" From 00018f0e834b7b8a5302e6ccebcf233f44335bd7 Mon Sep 17 00:00:00 2001 From: Dakota Brink Date: Wed, 2 Oct 2024 16:42:36 -0400 Subject: [PATCH 18/21] remove reverted files --- proto/mls/message_contents/association.proto | 54 -------------------- proto/mls/message_contents/credential.proto | 31 ----------- 2 files changed, 85 deletions(-) delete mode 100644 proto/mls/message_contents/association.proto delete mode 100644 proto/mls/message_contents/credential.proto diff --git a/proto/mls/message_contents/association.proto b/proto/mls/message_contents/association.proto deleted file mode 100644 index b18ab67..0000000 --- a/proto/mls/message_contents/association.proto +++ /dev/null @@ -1,54 +0,0 @@ -// Associations and signatures -syntax = "proto3"; - -package xmtp.mls.message_contents; - -import "message_contents/public_key.proto"; - -option go_package = "github.com/xmtp/proto/v3/go/mls/message_contents"; -option java_package = "org.xmtp.proto.mls.message.contents"; - -// Allows for us to update the format of the association text without -// incrementing the entire proto -enum AssociationTextVersion { - ASSOCIATION_TEXT_VERSION_UNSPECIFIED = 0; - ASSOCIATION_TEXT_VERSION_1 = 1; -} - -// Used for "Grant Messaging Access" associations -message GrantMessagingAccessAssociation { - AssociationTextVersion association_text_version = 1; - RecoverableEcdsaSignature signature = 2; // EIP-191 signature - string account_address = 3; - uint64 created_ns = 4; -} - -// Used for "Revoke Messaging Access" associations -message RevokeMessagingAccessAssociation { - AssociationTextVersion association_text_version = 1; - RecoverableEcdsaSignature signature = 2; // EIP-191 signature - string account_address = 3; - uint64 created_ns = 4; -} - -// LegacyCreateIdentityAssociation is used when a v3 installation key -// is signed by a v2 identity key, which in turn is signed via a -// 'CreateIdentity' wallet signature -message LegacyCreateIdentityAssociation { - // Signs SHA-256 hash of installation key - RecoverableEcdsaSignature signature = 1; - // created_ns is encoded inside serialized key, account_address is recoverable - // from the SignedPublicKey signature - xmtp.message_contents.SignedPublicKey signed_legacy_create_identity_key = 2; -} - -// RecoverableEcdsaSignature -message RecoverableEcdsaSignature { - // 65-bytes [ R || S || V ], with recovery id as the last byte - bytes bytes = 1; -} - -// EdDSA signature bytes matching RFC 8032 -message EdDsaSignature { - bytes bytes = 1; -} diff --git a/proto/mls/message_contents/credential.proto b/proto/mls/message_contents/credential.proto deleted file mode 100644 index 69cee17..0000000 --- a/proto/mls/message_contents/credential.proto +++ /dev/null @@ -1,31 +0,0 @@ -// Credentials and revocations -syntax = "proto3"; - -package xmtp.mls.message_contents; - -import "mls/message_contents/association.proto"; - -option go_package = "github.com/xmtp/proto/v3/go/mls/message_contents"; -option java_package = "org.xmtp.proto.mls.message.contents"; - -// A credential that can be used in MLS leaf nodes -message MlsCredential { - bytes installation_public_key = 1; - oneof association { - GrantMessagingAccessAssociation messaging_access = 2; - LegacyCreateIdentityAssociation legacy_create_identity = 3; - } -} - -// A declaration and proof that a credential is no longer valid -message CredentialRevocation { - oneof public_key { - // The 'installation_public_key' field of the MlsCredential proto - bytes installation_key = 1; - // The 'key_bytes' field of the legacy SignedPublicKey proto - bytes unsigned_legacy_create_identity_key = 2; - } - oneof association { - RevokeMessagingAccessAssociation messaging_access = 3; - } -} From 74a80e7b818c8d85d52f441ec2db77fb3f5ceef5 Mon Sep 17 00:00:00 2001 From: Dakota Brink Date: Wed, 2 Oct 2024 16:45:00 -0400 Subject: [PATCH 19/21] cleanup --- dev/kotlin/generate | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/dev/kotlin/generate b/dev/kotlin/generate index 222ec90..6d77222 100755 --- a/dev/kotlin/generate +++ b/dev/kotlin/generate @@ -3,7 +3,7 @@ set -e ( cd dev/kotlin/protoc - docker build --platform linux/x86_64 -t xmtp/protoc-kotlin . + docker build --platform linux/x86_64 -t xmtp/protoc-kotlin . ) rm -rf ./kotlin/lib/src/main/kotlin @@ -48,6 +48,4 @@ docker run --platform linux/x86_64 --rm -i -v${PWD}:/code xmtp/protoc-kotlin \ mls/message_contents/group_metadata.proto \ mls/message_contents/group_mutable_metadata.proto \ mls/message_contents/content.proto \ - mls/message_contents/transcript_messages.proto \ - mls/message_contents/credential.proto \ - mls/message_contents/association.proto \ No newline at end of file + mls/message_contents/transcript_messages.proto From a93772f35299cc744118f04639880cafd9aa3068 Mon Sep 17 00:00:00 2001 From: Dakota Brink Date: Wed, 2 Oct 2024 16:49:10 -0400 Subject: [PATCH 20/21] cleanup --- dev/ts/generate | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/dev/ts/generate b/dev/ts/generate index 5f644cf..6c771f6 100755 --- a/dev/ts/generate +++ b/dev/ts/generate @@ -39,11 +39,9 @@ docker run --rm -i -v${PWD}:/code xmtp/protoc \ message_contents/ecies.proto \ mls/api/v1/mls.proto \ mls/database/intents.proto \ - mls/message_contents/association.proto \ mls/message_contents/content.proto \ - mls/message_contents/credential.proto \ mls/message_contents/group_membership.proto \ mls/message_contents/group_metadata.proto \ mls/message_contents/group_mutable_metadata.proto \ mls/message_contents/transcript_messages.proto \ - mls_validation/v1/service.proto \ No newline at end of file + mls_validation/v1/service.proto From 2c2592ec4cfa0d6383947a3a5ed4692accb69a98 Mon Sep 17 00:00:00 2001 From: Dakota Brink Date: Wed, 2 Oct 2024 16:57:03 -0400 Subject: [PATCH 21/21] cleanup --- ts/index.ts | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/ts/index.ts b/ts/index.ts index 74a4223..aef2b6c 100644 --- a/ts/index.ts +++ b/ts/index.ts @@ -18,11 +18,9 @@ export * as signedPayload from "./message_contents/signed_payload.pb"; export * as ecies from "./message_contents/ecies.pb"; export * as mlsApi from "./mls/api/v1/mls.pb"; export * as mlsDatabaseIntent from "./mls/database/intents.pb"; -export * as mlsAssociation from "./mls/message_contents/association.pb"; export * as mlsContent from "./mls/message_contents/content.pb"; -export * as mlsCredential from "./mls/message_contents/credential.pb"; export * as mlsGroupMembership from "./mls/message_contents/group_membership.pb"; export * as mlsGroupMetadata from "./mls/message_contents/group_metadata.pb"; export * as mlsGroupMutableMetadata from "./mls/message_contents/group_mutable_metadata.pb"; export * as mlsTranscriptMessages from "./mls/message_contents/transcript_messages.pb"; -export * as mlsValidationService from "./mls_validation/v1/service.pb"; \ No newline at end of file +export * as mlsValidationService from "./mls_validation/v1/service.pb";