mirror of
https://github.com/logos-messaging/OpChan.git
synced 2026-01-02 21:03:09 +00:00
323 lines
9.1 KiB
TypeScript
323 lines
9.1 KiB
TypeScript
/**
|
|
* CryptoService - Unified cryptographic operations
|
|
*
|
|
* Combines key delegation and message signing functionality into a single,
|
|
* cohesive service focused on all cryptographic operations.
|
|
*/
|
|
|
|
import * as ed from '@noble/ed25519';
|
|
import { sha512 } from '@noble/hashes/sha512';
|
|
import { bytesToHex, hexToBytes } from '@/lib/utils';
|
|
import { LOCAL_STORAGE_KEYS } from '@/lib/waku/constants';
|
|
import { OpchanMessage } from '@/types/forum';
|
|
import { UnsignedMessage } from '@/types/waku';
|
|
|
|
export interface DelegationSignature {
|
|
signature: string; // Signature from wallet
|
|
expiryTimestamp: number; // When this delegation expires
|
|
browserPublicKey: string; // Browser-generated public key that was delegated to
|
|
walletAddress: string; // Wallet address that signed the delegation
|
|
walletType: 'bitcoin' | 'ethereum'; // Type of wallet that created the delegation
|
|
}
|
|
|
|
export interface DelegationInfo extends DelegationSignature {
|
|
browserPrivateKey: string;
|
|
}
|
|
|
|
ed.etc.sha512Sync = (...m) => sha512(ed.etc.concatBytes(...m));
|
|
|
|
export type DelegationDuration = '7days' | '30days';
|
|
|
|
export interface CryptoServiceInterface {
|
|
// Delegation management
|
|
createDelegation(
|
|
walletAddress: string,
|
|
signature: string,
|
|
browserPublicKey: string,
|
|
browserPrivateKey: string,
|
|
duration: DelegationDuration,
|
|
walletType: 'bitcoin' | 'ethereum'
|
|
): void;
|
|
isDelegationValid(
|
|
currentAddress?: string,
|
|
currentWalletType?: 'bitcoin' | 'ethereum'
|
|
): boolean;
|
|
getDelegationTimeRemaining(): number;
|
|
getBrowserPublicKey(): string | null;
|
|
clearDelegation(): void;
|
|
|
|
// Keypair generation
|
|
generateKeypair(): { publicKey: string; privateKey: string };
|
|
createDelegationMessage(
|
|
browserPublicKey: string,
|
|
walletAddress: string,
|
|
expiryTimestamp: number
|
|
): string;
|
|
|
|
// Message operations
|
|
signMessage(message: UnsignedMessage): OpchanMessage | null;
|
|
verifyMessage(message: OpchanMessage): boolean;
|
|
}
|
|
|
|
export class CryptoService implements CryptoServiceInterface {
|
|
private static readonly STORAGE_KEY = LOCAL_STORAGE_KEYS.KEY_DELEGATION;
|
|
|
|
// Duration options in hours
|
|
private static readonly DURATION_HOURS = {
|
|
'7days': 24 * 7, // 168 hours
|
|
'30days': 24 * 30, // 720 hours
|
|
} as const;
|
|
|
|
/**
|
|
* Get the number of hours for a given duration
|
|
*/
|
|
static getDurationHours(duration: DelegationDuration): number {
|
|
return CryptoService.DURATION_HOURS[duration];
|
|
}
|
|
|
|
/**
|
|
* Get available duration options
|
|
*/
|
|
static getAvailableDurations(): DelegationDuration[] {
|
|
return Object.keys(CryptoService.DURATION_HOURS) as DelegationDuration[];
|
|
}
|
|
|
|
// ============================================================================
|
|
// KEYPAIR GENERATION
|
|
// ============================================================================
|
|
|
|
/**
|
|
* Generates a new browser-based keypair for signing messages
|
|
*/
|
|
generateKeypair(): { publicKey: string; privateKey: string } {
|
|
const privateKey = ed.utils.randomPrivateKey();
|
|
const privateKeyHex = bytesToHex(privateKey);
|
|
|
|
const publicKey = ed.getPublicKey(privateKey);
|
|
const publicKeyHex = bytesToHex(publicKey);
|
|
|
|
return {
|
|
privateKey: privateKeyHex,
|
|
publicKey: publicKeyHex,
|
|
};
|
|
}
|
|
|
|
/**
|
|
* Creates a delegation message to be signed by the wallet
|
|
*/
|
|
createDelegationMessage(
|
|
browserPublicKey: string,
|
|
walletAddress: string,
|
|
expiryTimestamp: number
|
|
): string {
|
|
return `I, ${walletAddress}, delegate authority to this pubkey: ${browserPublicKey} until ${expiryTimestamp}`;
|
|
}
|
|
|
|
// ============================================================================
|
|
// DELEGATION MANAGEMENT
|
|
// ============================================================================
|
|
|
|
/**
|
|
* Creates and stores a delegation
|
|
*/
|
|
createDelegation(
|
|
walletAddress: string,
|
|
signature: string,
|
|
browserPublicKey: string,
|
|
browserPrivateKey: string,
|
|
duration: DelegationDuration = '7days',
|
|
walletType: 'bitcoin' | 'ethereum'
|
|
): void {
|
|
const expiryHours = CryptoService.getDurationHours(duration);
|
|
const expiryTimestamp = Date.now() + expiryHours * 60 * 60 * 1000;
|
|
|
|
const delegationInfo: DelegationInfo = {
|
|
signature,
|
|
expiryTimestamp,
|
|
browserPublicKey,
|
|
browserPrivateKey,
|
|
walletAddress,
|
|
walletType,
|
|
};
|
|
|
|
localStorage.setItem(
|
|
CryptoService.STORAGE_KEY,
|
|
JSON.stringify(delegationInfo)
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Retrieves delegation information from local storage
|
|
*/
|
|
private retrieveDelegation(): DelegationInfo | null {
|
|
const delegationJson = localStorage.getItem(CryptoService.STORAGE_KEY);
|
|
if (!delegationJson) return null;
|
|
|
|
try {
|
|
return JSON.parse(delegationJson);
|
|
} catch (e) {
|
|
console.error('Failed to parse delegation information', e);
|
|
return null;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Checks if a delegation is valid
|
|
*/
|
|
isDelegationValid(
|
|
currentAddress?: string,
|
|
currentWalletType?: 'bitcoin' | 'ethereum'
|
|
): boolean {
|
|
const delegation = this.retrieveDelegation();
|
|
if (!delegation) return false;
|
|
|
|
// Check if delegation has expired
|
|
const now = Date.now();
|
|
if (now >= delegation.expiryTimestamp) return false;
|
|
|
|
// If a current address is provided, validate it matches the delegation
|
|
if (currentAddress && delegation.walletAddress !== currentAddress) {
|
|
return false;
|
|
}
|
|
|
|
// If a current wallet type is provided, validate it matches the delegation
|
|
if (currentWalletType && delegation.walletType !== currentWalletType) {
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Gets the time remaining on the current delegation
|
|
*/
|
|
getDelegationTimeRemaining(): number {
|
|
const delegation = this.retrieveDelegation();
|
|
if (!delegation) return 0;
|
|
|
|
const now = Date.now();
|
|
return Math.max(0, delegation.expiryTimestamp - now);
|
|
}
|
|
|
|
/**
|
|
* Gets the browser public key from the current delegation
|
|
*/
|
|
getBrowserPublicKey(): string | null {
|
|
const delegation = this.retrieveDelegation();
|
|
if (!delegation) return null;
|
|
return delegation.browserPublicKey;
|
|
}
|
|
|
|
/**
|
|
* Clears the stored delegation
|
|
*/
|
|
clearDelegation(): void {
|
|
localStorage.removeItem(CryptoService.STORAGE_KEY);
|
|
}
|
|
|
|
// ============================================================================
|
|
// MESSAGE SIGNING & VERIFICATION
|
|
// ============================================================================
|
|
|
|
/**
|
|
* Signs a raw string message using the browser-generated private key
|
|
*/
|
|
signRawMessage(message: string): string | null {
|
|
const delegation = this.retrieveDelegation();
|
|
if (!delegation || !this.isDelegationValid()) return null;
|
|
|
|
try {
|
|
const privateKeyBytes = hexToBytes(delegation.browserPrivateKey);
|
|
const messageBytes = new TextEncoder().encode(message);
|
|
|
|
const signature = ed.sign(messageBytes, privateKeyBytes);
|
|
return bytesToHex(signature);
|
|
} catch (error) {
|
|
console.error('Error signing with browser key:', error);
|
|
return null;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Verifies a signature made with the browser key
|
|
*/
|
|
private verifyRawSignature(
|
|
message: string,
|
|
signature: string,
|
|
publicKey: string
|
|
): boolean {
|
|
try {
|
|
const messageBytes = new TextEncoder().encode(message);
|
|
const signatureBytes = hexToBytes(signature);
|
|
const publicKeyBytes = hexToBytes(publicKey);
|
|
|
|
return ed.verify(signatureBytes, messageBytes, publicKeyBytes);
|
|
} catch (error) {
|
|
console.error('Error verifying signature:', error);
|
|
return false;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Signs an unsigned message with the delegated browser key
|
|
*/
|
|
signMessage(message: UnsignedMessage): OpchanMessage | null {
|
|
if (!this.isDelegationValid()) {
|
|
console.error('No valid key delegation found. Cannot sign message.');
|
|
return null;
|
|
}
|
|
|
|
const delegation = this.retrieveDelegation();
|
|
if (!delegation) return null;
|
|
|
|
// Create the message content to sign (without signature fields)
|
|
const messageToSign = JSON.stringify({
|
|
...message,
|
|
signature: undefined,
|
|
browserPubKey: undefined,
|
|
});
|
|
|
|
const signature = this.signRawMessage(messageToSign);
|
|
if (!signature) return null;
|
|
|
|
return {
|
|
...message,
|
|
signature,
|
|
browserPubKey: delegation.browserPublicKey,
|
|
} as OpchanMessage;
|
|
}
|
|
|
|
/**
|
|
* Verifies an OpchanMessage signature
|
|
*/
|
|
verifyMessage(message: OpchanMessage): boolean {
|
|
// Check for required signature fields
|
|
if (!message.signature || !message.browserPubKey) {
|
|
const messageId = message.id || `${message.type}-${message.timestamp}`;
|
|
console.warn('Message is missing signature information', messageId);
|
|
return false;
|
|
}
|
|
|
|
// Reconstruct the original signed content
|
|
const signedContent = JSON.stringify({
|
|
...message,
|
|
signature: undefined,
|
|
browserPubKey: undefined,
|
|
});
|
|
|
|
// Verify the signature
|
|
const isValid = this.verifyRawSignature(
|
|
signedContent,
|
|
message.signature,
|
|
message.browserPubKey
|
|
);
|
|
|
|
if (!isValid) {
|
|
const messageId = message.id || `${message.type}-${message.timestamp}`;
|
|
console.warn(`Invalid signature for message ${messageId}`);
|
|
}
|
|
|
|
return isValid;
|
|
}
|
|
}
|