xmtp · codabrink · Oct 3, 2024 · Sep 26, 2024 · Sep 26, 2024 · Sep 30, 2024
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/bindings_ffi/src/mls.rs b/bindings_ffi/src/mls.rs
@@ -203,17 +203,18 @@ impl FfiSignatureRequest {
     pub async fn add_scw_signature(
         &self,
         signature_bytes: Vec<u8>,
-        address: String,
+        account_address: String,
         chain_id: u64,
         block_number: u64,
     ) -> Result<(), GenericError> {
         let mut inner = self.inner.lock().await;
-        let account_id = AccountId::new_evm(chain_id, address);
+        let account_id = AccountId::new_evm(chain_id, account_address);
 
         let signature = UnverifiedSignature::new_smart_contract_wallet(
             signature_bytes,
             account_id,
             block_number,
+            chain_id,
         );
         inner
             .add_signature(signature, self.scw_verifier.clone().as_ref())

diff --git a/bindings_node/src/groups.rs b/bindings_node/src/groups.rs
@@ -63,7 +63,6 @@ pub struct NapiGroupMember {
   pub permission_level: NapiPermissionLevel,
 }
 
-#[derive(Debug)]
 #[napi]
 pub struct NapiGroup {
   inner_client: Arc<RustXmtpClient>,

diff --git a/bindings_wasm/src/mls_client.rs b/bindings_wasm/src/mls_client.rs
@@ -164,8 +164,6 @@ impl WasmClient {
     signature_bytes: Uint8Array,
     chain_id: u64,
     account_address: String,
-    // TODO:nm Remove this
-    _chain_rpc_url: String,
     block_number: u64,
   ) -> Result<(), JsError> {
     if self.is_registered() {
@@ -180,6 +178,7 @@ impl WasmClient {
       signature_bytes.to_vec(),
       account_id,
       block_number,
+      chain_id,
     );
 
     self.signatures.insert(

diff --git a/mls_validation_service/Cargo.toml b/mls_validation_service/Cargo.toml
@@ -11,6 +11,7 @@ path = "src/main.rs"
 clap = { version = "4.4.6", features = ["derive"] }
 ed25519-dalek = { workspace = true, features = ["digest"] }
 env_logger = "0.11"
+ethers = { workspace = true }
 futures = { workspace = true }
 hex = { workspace = true }
 log = { workspace = true }
@@ -23,12 +24,10 @@ thiserror.workspace = true
 tokio = { workspace = true, features = ["full"] }
 tonic = { workspace = true }
 warp = "0.3.6"
+xmtp_cryptography = { path = "../xmtp_cryptography" }
 xmtp_id.workspace = true
 xmtp_mls.workspace = true
-xmtp_proto = { path = "../xmtp_proto", features = [
-    "proto_full",
-    "convert",
-] }
+xmtp_proto = { path = "../xmtp_proto", features = ["proto_full", "convert"] }
 
 [dev-dependencies]
 anyhow.workspace = true

diff --git a/mls_validation_service/src/handlers.rs b/mls_validation_service/src/handlers.rs
@@ -1,11 +1,13 @@
+use ethers::types::{BlockNumber, U64};
 use futures::future::{join_all, try_join_all};
 use openmls::prelude::{tls_codec::Deserialize, MlsMessageIn, ProtocolMessage};
 use openmls_rust_crypto::RustCrypto;
 use tonic::{Request, Response, Status};
 
+use xmtp_cryptography::hash::sha256_bytes;
 use xmtp_id::{
     associations::{
-        self, try_map_vec, unverified::UnverifiedIdentityUpdate, AssociationError,
+        self, try_map_vec, unverified::UnverifiedIdentityUpdate, AccountId, AssociationError,
         DeserializationError, SignatureError,
     },
     scw_verifier::SmartContractSignatureVerifier,
@@ -15,13 +17,15 @@ use xmtp_mls::{
     verified_key_package_v2::{KeyPackageVerificationError, VerifiedKeyPackageV2},
 };
 use xmtp_proto::xmtp::{
-    identity::associations::IdentityUpdate as IdentityUpdateProto,
+    identity::associations::{IdentityUpdate as IdentityUpdateProto, SmartContractWalletSignature},
     mls_validation::v1::{
         validate_group_messages_response::ValidationResponse as ValidateGroupMessageValidationResponse,
         validate_inbox_id_key_packages_response::Response as ValidateInboxIdKeyPackageResponse,
         validation_api_server::ValidationApi, GetAssociationStateRequest,
         GetAssociationStateResponse, ValidateGroupMessagesRequest, ValidateGroupMessagesResponse,
-        ValidateInboxIdKeyPackagesRequest, ValidateInboxIdKeyPackagesResponse,
+        ValidateInboxIdKeyPackagesResponse, ValidateInboxIdsRequest, ValidateInboxIdsResponse,
+        ValidateKeyPackagesRequest, ValidateKeyPackagesResponse,
+        VerifySmartContractWalletSignaturesRequest, VerifySmartContractWalletSignaturesResponse,
     },
 };
 
@@ -55,6 +59,22 @@ impl ValidationService {
 
 #[tonic::async_trait]
 impl ValidationApi for ValidationService {
+    async fn validate_inbox_ids(
+        &self,
+        _request: tonic::Request<ValidateInboxIdsRequest>,
+    ) -> Result<tonic::Response<ValidateInboxIdsResponse>, tonic::Status> {
+        // Stubbed for v2 nodes
+        unimplemented!()
+    }
+
+    async fn validate_key_packages(
+        &self,
+        _request: tonic::Request<ValidateKeyPackagesRequest>,
+    ) -> std::result::Result<tonic::Response<ValidateKeyPackagesResponse>, tonic::Status> {
+        // Stubbed out for v2 nodes
+        unimplemented!()
+    }
+
     async fn validate_group_messages(
         &self,
         request: Request<ValidateGroupMessagesRequest>,
@@ -99,19 +119,28 @@ impl ValidationApi for ValidationService {
             .map_err(Into::into)
     }
 
+    async fn verify_smart_contract_wallet_signatures(
+        &self,
+        request: Request<VerifySmartContractWalletSignaturesRequest>,
+    ) -> Result<Response<VerifySmartContractWalletSignaturesResponse>, Status> {
+        let VerifySmartContractWalletSignaturesRequest { signatures } = request.into_inner();
+
+        verify_smart_contract_wallet_signatures(signatures, self.scw_verifier.as_ref()).await
+    }
+
     async fn validate_inbox_id_key_packages(
         &self,
-        request: Request<ValidateInboxIdKeyPackagesRequest>,
+        request: tonic::Request<ValidateKeyPackagesRequest>,
     ) -> Result<Response<ValidateInboxIdKeyPackagesResponse>, Status> {
-        let ValidateInboxIdKeyPackagesRequest { key_packages } = request.into_inner();
+        let ValidateKeyPackagesRequest { key_packages } = request.into_inner();
 
         let responses: Vec<_> = key_packages
             .into_iter()
             .map(|k| k.key_package_bytes_tls_serialized)
             .map(validate_inbox_id_key_package)
             .collect();
 
-        let responses: Vec<ValidateInboxIdKeyPackageResponse> = join_all(responses)
+        let responses: Vec<_> = join_all(responses)
             .await
             .into_iter()
             .map(|res| res.map_err(ValidateInboxIdKeyPackageResponse::from))
@@ -158,6 +187,30 @@ async fn validate_inbox_id_key_package(
     })
 }
 
+async fn verify_smart_contract_wallet_signatures(
+    signatures: Vec<SmartContractWalletSignature>,
+    scw_verifier: &dyn SmartContractSignatureVerifier,
+) -> Result<Response<VerifySmartContractWalletSignaturesResponse>, Status> {
+    let mut futures = vec![];
+
+    for sig in signatures {
+        let hash = sha256_bytes(&sig.signature)
+            .try_into()
+            .expect("Sha256 should be 32 bytes");
+
+        futures.push(scw_verifier.is_valid_signature(
+            AccountId::new_evm(sig.chain_id, sig.account_id),
+            hash,
+            sig.signature.into(),
+            Some(BlockNumber::Number(U64::from(sig.block_number))),
+        ));
+    }
+
+    Ok(Response::new(VerifySmartContractWalletSignaturesResponse {
+        responses: vec![],
+    }))
+}
+
 async fn get_association_state(
     old_updates: Vec<IdentityUpdateProto>,
     new_updates: Vec<IdentityUpdateProto>,
@@ -169,13 +222,13 @@ async fn get_association_state(
     let old_updates = try_join_all(
         old_unverified_updates
             .iter()
-            .map(|u| async { u.to_verified(scw_verifier).await }),
+            .map(|u| u.to_verified(scw_verifier)),
     )
     .await?;
     let new_updates = try_join_all(
         new_unverified_updates
             .iter()
-            .map(|u| async { u.to_verified(scw_verifier).await }),
+            .map(|u| u.to_verified(scw_verifier)),
     )
     .await?;
     if old_updates.is_empty() {
@@ -234,10 +287,11 @@ mod tests {
         unverified::{UnverifiedAction, UnverifiedIdentityUpdate},
     };
     use xmtp_mls::configuration::CIPHERSUITE;
-    use xmtp_proto::xmtp::identity::{
-        associations::IdentityUpdate as IdentityUpdateProto, MlsCredential as InboxIdMlsCredential,
+    use xmtp_proto::xmtp::{
+        identity::associations::IdentityUpdate as IdentityUpdateProto,
+        identity::MlsCredential as InboxIdMlsCredential,
+        mls_validation::v1::validate_key_packages_request::KeyPackage as KeyPackageProtoWrapper,
     };
-    use xmtp_proto::xmtp::mls_validation::v1::validate_inbox_id_key_packages_request::KeyPackage as KeyPackageProtoWrapper;
 
     use super::*;
 
@@ -344,7 +398,7 @@ mod tests {
         };
 
         let key_package_bytes = build_key_package_bytes(&keypair, &credential_with_key, None);
-        let request = ValidateInboxIdKeyPackagesRequest {
+        let request = ValidateKeyPackagesRequest {
             key_packages: vec![KeyPackageProtoWrapper {
                 key_package_bytes_tls_serialized: key_package_bytes,
                 is_inbox_id_credential: false,
@@ -385,7 +439,7 @@ mod tests {
         };
 
         let key_package_bytes = build_key_package_bytes(&keypair, &credential_with_key, None);
-        let request = ValidateInboxIdKeyPackagesRequest {
+        let request = ValidateKeyPackagesRequest {
             key_packages: vec![KeyPackageProtoWrapper {
                 key_package_bytes_tls_serialized: key_package_bytes,
                 is_inbox_id_credential: false,

diff --git a/xmtp_id/src/associations/serialization.rs b/xmtp_id/src/associations/serialization.rs
@@ -63,6 +63,8 @@ pub enum DeserializationError {
     Decode(#[from] DecodeError),
     #[error("Invalid account id")]
     InvalidAccountId,
+    #[error("Invalid hash (needs to be 32 bytes)")]
+    InvalidHash,
 }
 
 impl TryFrom<IdentityUpdateProto> for UnverifiedIdentityUpdate {
@@ -173,6 +175,7 @@ impl TryFrom<SignatureWrapperProto> for UnverifiedSignature {
                     sig.signature,
                     sig.account_id.try_into()?,
                     sig.block_number,
+                    sig.chain_id,
                 ),
             ),
         };
@@ -257,8 +260,9 @@ impl From<UnverifiedSignature> for SignatureWrapperProto {
                     account_id: sig.account_id.into(),
                     block_number: sig.block_number,
                     signature: sig.signature_bytes,
-                    // TOOD:nm Remove this field altogether
-                    chain_rpc_url: "".to_string(),
+                    // Ethereum
+                    chain_id: sig.chain_id,
+                    hash: sig.hash.to_vec(),
                 })
             }
             UnverifiedSignature::InstallationKey(sig) => {

diff --git a/xmtp_id/src/associations/test_utils.rs b/xmtp_id/src/associations/test_utils.rs
@@ -54,7 +54,7 @@ impl SmartContractSignatureVerifier for MockSmartContractSignatureVerifier {
         &self,
         _account_id: AccountId,
         _hash: [u8; 32],
-        _signature: &Bytes,
+        _signature: Bytes,
         _block_number: Option<BlockNumber>,
     ) -> Result<bool, VerifierError> {
         Ok(self.is_valid_signature)

diff --git a/xmtp_id/src/associations/unverified.rs b/xmtp_id/src/associations/unverified.rs
@@ -11,7 +11,10 @@ use super::{
     AccountId, Action, AddAssociation, CreateInbox, IdentityUpdate, RevokeAssociation,
     SignatureError,
 };
+use ethers::{abi::AbiEncode, types::H256};
 use futures::future::try_join_all;
+use sha2::Digest;
+use xmtp_cryptography::hash::sha256_bytes;
 use xmtp_proto::xmtp::message_contents::SignedPublicKey as LegacySignedPublicKeyProto;
 
 #[derive(Debug, Clone, PartialEq)]
@@ -294,11 +297,13 @@ impl UnverifiedSignature {
         signature: Vec<u8>,
         account_id: AccountId,
         block_number: u64,
+        chain_id: u64,
     ) -> Self {
         Self::SmartContractWallet(UnverifiedSmartContractWalletSignature::new(
             signature,
             account_id,
             block_number,
+            chain_id,
         ))
     }
 
@@ -344,14 +349,27 @@ pub struct UnverifiedSmartContractWalletSignature {
     pub(crate) signature_bytes: Vec<u8>,
     pub(crate) account_id: AccountId,
     pub(crate) block_number: u64,
+    pub(crate) chain_id: u64,
+    pub(crate) hash: [u8; 32],
 }
 
 impl UnverifiedSmartContractWalletSignature {
-    pub fn new(signature_bytes: Vec<u8>, account_id: AccountId, block_number: u64) -> Self {
+    pub fn new(
+        signature_bytes: Vec<u8>,
+        account_id: AccountId,
+        block_number: u64,
+        chain_id: u64,
+    ) -> Self {
+        let hash = sha256_bytes(&signature_bytes)
+            .try_into()
+            .expect("SHA256 hash should be 32 bytes");
+
         Self {
             signature_bytes,
             account_id,
             block_number,
+            chain_id,
+            hash,
         }
     }
 }

diff --git a/xmtp_id/src/associations/verified_signature.rs b/xmtp_id/src/associations/verified_signature.rs
@@ -131,7 +131,7 @@ impl VerifiedSignature {
             .is_valid_signature(
                 account_id.clone(),
                 hash_message(signature_text.as_ref()).into(),
-                &signature_bytes.to_vec().into(),
+                signature_bytes.to_vec().into(),
                 Some(BlockNumber::Number(U64::from(block_number))),
             )
             .await?;