From d5bfb726f3ed3aacf11bfb2a4b9570643870c7d6 Mon Sep 17 00:00:00 2001 From: Heiko Burkhardt Date: Mon, 27 Nov 2023 16:18:22 +0100 Subject: [PATCH] fix: siwe message --- packages/lib/crypto/src/KeyCreation.ts | 2 +- packages/lib/profile/src/Profile.ts | 8 ++++++-- packages/lib/profile/src/index.ts | 1 + .../src/profileKeys/createProfileKeys.test.ts | 16 +++++++++------- .../src/components/SignIn/bl.tsx | 5 ++--- 5 files changed, 19 insertions(+), 13 deletions(-) diff --git a/packages/lib/crypto/src/KeyCreation.ts b/packages/lib/crypto/src/KeyCreation.ts index e9cd35a7b..ceb7567cc 100644 --- a/packages/lib/crypto/src/KeyCreation.ts +++ b/packages/lib/crypto/src/KeyCreation.ts @@ -28,7 +28,7 @@ export async function createSigningKeyPair(seed?: string): Promise { export function getStorageKeyCreationMessage(nonce: string, address: string) { // TODO: during linked profile implementation these values should be fetched from env const statement = - `Connect the DM3 MESSENGER with your wallet. Sign in with a signature. ` + + `Connect the DM3 MESSENGER with your wallet. ` + `Keys for secure communication are derived from this signature.\n\n` + `(There is no paid transaction initiated. The signature is used off-chain only.)`; const domain = 'dm3.chat'; diff --git a/packages/lib/profile/src/Profile.ts b/packages/lib/profile/src/Profile.ts index 813fd297c..d102c2dab 100644 --- a/packages/lib/profile/src/Profile.ts +++ b/packages/lib/profile/src/Profile.ts @@ -11,6 +11,10 @@ import { Dm3Profile } from './profileResolver/ProfileResolver'; import { createProfileKeys } from './profileKeys/createProfileKeys'; import { SignedUserProfile, UserProfile } from './types'; +export const DEFAULT_NONCE = ethers.utils.sha256( + ethers.utils.toUtf8Bytes('dm3_default_nonce'), +); + export function formatAddress(address: string) { return ethers.utils.getAddress(address); } @@ -56,7 +60,7 @@ export function getProfileCreationMessage( return ( `${domain} wants you register your dm3 profile with your Ethereum account:\n` + `${ethers.utils.getAddress(address)}\n\n` + - `Register your dm3 profile. This is required only once!\n` + + `This is required only once!\n` + `(There is no paid transaction initiated. The signature is used off-chain only.)\n\n` + `URI: ${uri}\n` + `Version: ${version}\n` + @@ -240,7 +244,7 @@ export async function createProfile( nonce: string; }> { const { nonce, storageKey, signer }: CreateProfileOptions = { - nonce: options?.nonce ?? (await getRandomNonce()), + nonce: DEFAULT_NONCE ?? (await getRandomNonce()), storageKey: options?.storageKey, signer: options?.signer ?? diff --git a/packages/lib/profile/src/index.ts b/packages/lib/profile/src/index.ts index 30447458e..25ba9bc0c 100644 --- a/packages/lib/profile/src/index.ts +++ b/packages/lib/profile/src/index.ts @@ -11,6 +11,7 @@ export { PROFILE_RECORD_NAME, formatAddress, createProfile, + DEFAULT_NONCE, } from './Profile'; export type { Account, ProfileKeys, GetResource } from './Profile'; diff --git a/packages/lib/profile/src/profileKeys/createProfileKeys.test.ts b/packages/lib/profile/src/profileKeys/createProfileKeys.test.ts index 6aeccdeca..13b5a2c9e 100644 --- a/packages/lib/profile/src/profileKeys/createProfileKeys.test.ts +++ b/packages/lib/profile/src/profileKeys/createProfileKeys.test.ts @@ -1,10 +1,11 @@ import { ethers } from 'ethers'; import { createStorageKey, getStorageKeyCreationMessage } from 'dm3-lib-crypto'; import { createProfileKeys } from './createProfileKeys'; +import { DEFAULT_NONCE } from '../Profile'; test(`Should create keys`, async () => { expect.assertions(1); - const nonce = '0'; + const nonce = DEFAULT_NONCE; const wallet = new ethers.Wallet( '0xac58f2f021d6f148fd621b355edbd0ebadcf9682019015ef1219cf9c0c2ddc8b', @@ -20,15 +21,16 @@ test(`Should create keys`, async () => { expect(keys).toEqual({ encryptionKeyPair: { - privateKey: '0wMyWrdDXCfuwRq4nm6IHqZ7hMbPOb5DsTt1C85w+zE=', - publicKey: 'JBvXxZY4BOnKK4J2s42ZpAJaFd/nmB5Sq7EB+jfA6H8=', + privateKey: 'dradnyjzlC7T87nZ3HfJo+w2aQQVhxP0Sdk+eZttEmw=', + publicKey: 'Cz5WfEEhkmzP52L7OJzd4sf9xQUYc9nRAbnevjTbL28=', }, signingKeyPair: { privateKey: - 'ti4w8V+E6x4Z63XIMA9ZM0lXKhMjTaxP/qjARC8c4CxRQS5qo2AEYU+ZeFyB0bksaPBX1K5/QA/dregbbmFgQQ==', - publicKey: 'UUEuaqNgBGFPmXhcgdG5LGjwV9Suf0AP3a3oG25hYEE=', + 'hHFeMBtp9mkqrPPSRVbgQU9KMj/K/1zvjjBJ7kcD25i/ACwK7hMAvcp54J+QqyL4AJNGN94e1somHjJSz18vkA==', + publicKey: 'vwAsCu4TAL3KeeCfkKsi+ACTRjfeHtbKJh4yUs9fL5A=', }, - storageEncryptionKey: 'ti4w8V+E6x4Z63XIMA9ZM0lXKhMjTaxP/qjARC8c4Cw=', - storageEncryptionNonce: '0', + storageEncryptionKey: 'hHFeMBtp9mkqrPPSRVbgQU9KMj/K/1zvjjBJ7kcD25g=', + storageEncryptionNonce: + '0xa1b38837dd52e70a250ac2bf3e19f1599833e9d30662bf69a1c12e5747ed9f65', }); }); diff --git a/packages/messenger-widget/src/components/SignIn/bl.tsx b/packages/messenger-widget/src/components/SignIn/bl.tsx index 3fbb9768e..5db880024 100644 --- a/packages/messenger-widget/src/components/SignIn/bl.tsx +++ b/packages/messenger-widget/src/components/SignIn/bl.tsx @@ -8,6 +8,7 @@ import { getProfileCreationMessage, getUserProfile, checkUserProfile, + DEFAULT_NONCE, } from 'dm3-lib-profile'; import { createStorageKey, @@ -52,8 +53,6 @@ import axios from 'axios'; import { openErrorModal } from '../../utils/common-utils'; import loader from '../../assets/images/loader.svg'; -const DEFAULT_NONCE = '0'; - export const getStorageLocation = (props: SignInProps) => { const persistedStorageLocation = window.localStorage.getItem( 'StorageLocation', @@ -283,7 +282,7 @@ async function getExistingDatebase( ) { const keys = await createKeyPairsFromSig( state.connection, - '0', + DEFAULT_NONCE, setSignInBtnContent, );