Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Legacy key issues #767

Merged
merged 20 commits into from
May 23, 2024
Merged

Legacy key issues #767

merged 20 commits into from
May 23, 2024

Conversation

neekolas
Copy link
Contributor

@neekolas neekolas commented May 22, 2024

Summary

I've found issues creating a client with a legacy key. I've created a new test case that reproduces an issue. The legacy key I'm using was exported from xmtp-js.

  1. We are validating that the result of legacy_key_to_address matches the address provided. But legacy_key_to_address returns the XMTP V2 key converted to an eth address, when it should be returning the wallet that signed the XMTP v2 key. I have a fix for that.
  2. Even after that fix, I am seeing Identity(SignatureRequestBuilder(Signature(Invalid))) errors coming from my test case

@bwcDvorak bwcDvorak added the inbox-id Support for Inbox ID label May 22, 2024
bindings_ffi/src/mls.rs Outdated Show resolved Hide resolved
}

#[async_trait]
impl Signature for LegacyDelegatedSignature {
async fn recover_signer(&self) -> Result<MemberIdentifier, SignatureError> {
// 1. Verify the RecoverableEcdsaSignature
let legacy_signer = self.legacy_key_signature.recover_signer().await?;
// let legacy_signer = self.legacy_key_signature.recover_signer().await?;
Copy link
Contributor Author

@neekolas neekolas May 23, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We still need to verify the signature from the private key. The only validation this function does is check which wallet signed the public key. But we also need to make sure that the signature of the signature text, using the private key, is valid as well. If either signature is wrong we should return an error.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#775 should be fixing this.

@@ -179,6 +179,27 @@ mod tests {
assert!(!client.installation_public_key().is_empty());
}

#[tokio::test]
async fn legacy_keys() {
Copy link
Contributor Author

@neekolas neekolas May 23, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is a quirk with this test case. It uses the legacy key the first time it is run, but after it has been run once on the local DB you will get a different result in calls to get_inbox_ids for that account address. That's because the first test run will register 0x0bD00B21aF9a2D538103c3AAf95Cb507f8AF1B28 with the network. If the address is already registered, the IdentityStrategy won't use the legacy key and will prompt for a wallet signature.

We should probably replace this with a dynamically generated legacy key so that we don't get confusing results in local testing where you might not drop the DB after each test run.

The test won't fail right now, but it's testing totally different code paths on subsequent runs.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 I added doc for this

@37ng 37ng marked this pull request as ready for review May 23, 2024 20:04
@37ng 37ng requested a review from a team as a code owner May 23, 2024 20:04
@37ng 37ng merged commit 09770ff into identity-release May 23, 2024
6 checks passed
@37ng 37ng deleted the nm/legacy-key-issues branch May 23, 2024 20:05
nplasterer added a commit that referenced this pull request May 24, 2024
* Create validated commit for MLS

* Create validated commit for MLS

* Add/Remove members using GroupMembership

* Add/Remove members using GroupMembership

* Remove unused import

* initial commit

* initial commit

* Use latest protos

* Add missing installations

* Validate Credential (#689)

* gen protos

* trait method

* scaffold out validation fn, comment next steps in validation fn

* validation of inbox ids

* no expiration

* key package validation

* add files

* restore proto

* remove println

* do not break the wasm bindings

* Message History: handle Reply better (#723)

* new identity in client (#728)

* Consolidate on single method

* initial commit

* initial commit

* new identity in client (#728)

* Hack together something that compiles

* Fix straggling issues

* New DB schema

* Stub validated commit v2

* Start on mutable metadata

* Add some metadata changes

* initial commit

* initial commit

* new identity in client (#728)

* Hack together something that compiles

* initial commit

* initial commit

* new identity in client (#728)

* Fix straggling issues

* Add inbox_id fixes

* Remove dead code

* Fix lints

* Derive default for MutableMetadataChanges

* Rename identity table

* Stub validated commit v2

* Identity DB Schema (#739)

* New DB schema

* Rename identity table

* Cache association state (#733)

This caches the association state for a given inbox_id and sequence_id, allowing us to skip recomputing it/issuing network requests for smart wallet associations.

* Adding and removing group members

* More cleanup

* Remove after add

* Lint

* Update xmtp_mls/src/groups/sync.rs

Co-authored-by: 37ng <[email protected]>

* bindings_ffi: new client & signatureRequest. (#748)

* Gather group members from DB

* Implement inbox_sequence_id method in client (#737)

* Lint

* Remove unused import

* Get tests passing

* Add new GroupUpdated proto

* Use new group updated codec

* More loose ends

* Move back to main

* Make pub

* More tests passing

* Remove a few more todos

* Fix up bindings

* Fix up bindings

* Fix up subscriptions tests

* Add hack for unexpected installations

* Fix issue with group creation

* Fix lints

* Use specific docker image

* Fix commit validation logic

* Update tests since we now have transcript messages

* Unignore more tests

* Lower concurrency

* Change test-threads

* Lint

* Fix args

* Ignore failing test

* Update log line

* Un-ignore test

* Update docker image

* Lower number of test threads

* Lower number of test threads in bindings tests

* Ignore flaky test

* Update lock files

* Use latest openmls branch

* Fix some errors

* Fix key package reference

* No more compile errors

* Remove unused import

* Use latest node go

* Store key package hash ref

* Get inbox ID for address method

* Add test

* Remove unused import

* Lint

* Legacy key issues (#767)

* add log

* add log

* bump uniffi version to fix logging issues

* force push to hopefully clean CI cache

* All String lower case (#777)

* lowercase for inbox id

* lowercase for in create_client

* lint

* cargo

* bump the openmls version to a merged commit

* fix format linter

* inbox id not account address anymore

* Remove Await Helper in favor of Async Transactions (#779)

* remove await helper

* do not load mls group on every iteration

* don't need to clone provider

* keep provider as reference

* remove process_for_id_async and just make process_for_id async

* bump to the latest jna library

* update the makefile with the updated jna

* update the binaries

---------

Co-authored-by: Andrew Plaza <[email protected]>
Co-authored-by: tuddman <[email protected]>
Co-authored-by: yoduyodu <[email protected]>
Co-authored-by: Richard Hua <[email protected]>
Co-authored-by: Naomi Plasterer <[email protected]>
@37ng 37ng mentioned this pull request May 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
inbox-id Support for Inbox ID
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants