-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Recover signer from payer envelopes (#234)
## tl;dr - Adds method to recover the signer from payer envelopes (#232) - Refactors domain separation for jwt's and payer envelopes ### AI Assisted Summary Introduced domain separation for payer signatures, and added functionality to recover signer addresses from payer envelopes. ### What changed? - Created a new `constants` package with domain separation labels for JWT and payer signatures. - Updated the JWT signing method to use the new constant for domain separation. - Implemented a `RecoverSigner` method for `PayerEnvelope` to extract the signer's address. - Added utility functions for hashing and signing payer envelopes. - Expanded test coverage for envelope signer recovery. ### Why make this change? This change enhances security and consistency by introducing domain separation for signatures. It also adds the ability to recover signer addresses from payer envelopes, which is crucial for verifying the authenticity of messages and implementing payer-based features in the system.
- Loading branch information
Showing
6 changed files
with
116 additions
and
11 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
package constants | ||
|
||
const ( | ||
JWT_DOMAIN_SEPARATION_LABEL = "jwt|" | ||
PAYER_DOMAIN_SEPARATION_LABEL = "payer|" | ||
) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
package utils | ||
|
||
import ( | ||
ethcrypto "github.com/ethereum/go-ethereum/crypto" | ||
"github.com/xmtp/xmtpd/pkg/constants" | ||
) | ||
|
||
func HashPayerSignatureInput(unsignedClientEnvelope []byte) []byte { | ||
return ethcrypto.Keccak256( | ||
[]byte(constants.PAYER_DOMAIN_SEPARATION_LABEL), | ||
unsignedClientEnvelope, | ||
) | ||
} | ||
|
||
func HashJWTSignatureInput(textToSign []byte) []byte { | ||
return ethcrypto.Keccak256( | ||
[]byte(constants.JWT_DOMAIN_SEPARATION_LABEL), | ||
textToSign, | ||
) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
package utils | ||
|
||
import ( | ||
"crypto/ecdsa" | ||
|
||
ethcrypto "github.com/ethereum/go-ethereum/crypto" | ||
) | ||
|
||
func SignPayerEnvelope( | ||
unsignedClientEnvelope []byte, | ||
payerPrivateKey *ecdsa.PrivateKey, | ||
) ([]byte, error) { | ||
hash := HashPayerSignatureInput(unsignedClientEnvelope) | ||
signature, err := ethcrypto.Sign(hash, payerPrivateKey) | ||
if err != nil { | ||
return nil, err | ||
} | ||
|
||
return signature, nil | ||
} |