@novasamatech/host-papp 0.5.2 → 0.5.3-0

package/dist/crypto.d.ts

@@ -11,11 +11,6 @@ export declare const SsPubKey: Codec<SsPublicKey>;
 export declare const EncrPubKey: Codec<EncrPublicKey>;
 export declare function stringToBytes(str: string): Uint8Array<ArrayBuffer>;
 export declare function bytesToString(bytes: Uint8Array): string;
-export declare function createSsSecret(entropy: Uint8Array): SsSecret;
-export declare function createSsDerivation(secret: SsSecret, derivation: string): SsSecret;
-export declare function getSsPub(secret: SsSecret): SsPublicKey;
-export declare function signWithSsSecret(secret: SsSecret, message: Uint8Array): Uint8Array<ArrayBufferLike>;
-export declare function verifyWithSsSecret(message: Uint8Array, signature: Uint8Array, publicKey: Uint8Array): boolean;
 export type DerivedSr25519Account = {
     secret: SsSecret;
     publicKey: SsPublicKey;

package/dist/crypto.js

@@ -1,7 +1,7 @@
 import { p256 } from '@noble/curves/nist.js';
+import { createSr25519Secret, deriveSr25519PublicKey, signWithSr25519Secret, verifySr25519Signature, } from '@novasamatech/statement-store';
 import { entropyToMiniSecret, mnemonicToEntropy } from '@polkadot-labs/hdkd-helpers';
-import { HDKD as sr25519HDKD, getPublicKey as sr25519GetPublicKey, secretFromSeed as sr25519SecretFromSeed, sign as sr25519Sign, verify as sr25519Verify, } from '@scure/sr25519';
-import { Bytes, str } from 'scale-ts';
+import { Bytes } from 'scale-ts';
 // schemas
 export function BrandedBytesCodec(length) {
     return Bytes(length);
@@ -17,57 +17,16 @@ export function stringToBytes(str) {
 export function bytesToString(bytes) {
     return textDecoder.decode(bytes);
 }
-function parseDerivations(derivationsStr) {
-    const DERIVATION_RE = /(\/{1,2})([^/]+)/g;
-    const derivations = [];
-    for (const [, type, code] of derivationsStr.matchAll(DERIVATION_RE)) {
-        if (code) {
-            derivations.push([type === '//' ? 'hard' : 'soft', code]);
-        }
-    }
-    return derivations;
-}
-function createChainCode(derivation) {
-    const chainCode = new Uint8Array(32);
-    chainCode.set(str.enc(derivation));
-    return chainCode;
-}
-// statement store key pair
-export function createSsSecret(entropy) {
-    const miniSecret = entropyToMiniSecret(entropy);
-    return sr25519SecretFromSeed(miniSecret);
-}
-export function createSsDerivation(secret, derivation) {
-    const derivations = parseDerivations(derivation);
-    return derivations.reduce((secret, [type, derivation]) => {
-        const chainCode = createChainCode(derivation);
-        switch (type) {
-            case 'hard':
-                return sr25519HDKD.secretHard(secret, chainCode);
-            case 'soft':
-                return sr25519HDKD.secretSoft(secret, chainCode);
-        }
-    }, secret);
-}
-export function getSsPub(secret) {
-    return sr25519GetPublicKey(secret);
-}
-export function signWithSsSecret(secret, message) {
-    return sr25519Sign(secret, message);
-}
-export function verifyWithSsSecret(message, signature, publicKey) {
-    return sr25519Verify(message, signature, publicKey);
-}
 export function deriveSr25519Account(mnemonic, derivation) {
     const entropy = mnemonicToEntropy(mnemonic);
-    const secret = createSsDerivation(createSsSecret(entropy), derivation);
-    const publicKey = getSsPub(secret);
+    const secret = createSr25519Secret(entropy, derivation);
+    const publicKey = deriveSr25519PublicKey(secret);
     return {
         secret,
         publicKey,
         entropy,
-        sign: message => signWithSsSecret(secret, message),
-        verify: (message, signature) => verifyWithSsSecret(message, signature, publicKey),
+        sign: message => signWithSr25519Secret(secret, message),
+        verify: (message, signature) => verifySr25519Signature(message, signature, publicKey),
     };
 }
 // encryption key pair

package/dist/sso/auth/attestationService.d.ts

@@ -1,7 +1,7 @@
 import type { LazyClient } from '@novasamatech/statement-store';
 import type { ResultAsync } from 'neverthrow';
 import type { DerivedSr25519Account } from '../../crypto.js';
-export declare function createAliceVerifier(): DerivedSr25519Account;
+export declare function createSudoAliceVerifier(): DerivedSr25519Account;
 export declare const createAttestationService: (lazyClient: LazyClient) => {
     claimUsername(): string;
     grantVerifierAllowance(verifier: DerivedSr25519Account): ResultAsync<void, Error>;

package/dist/sso/auth/attestationService.js

@@ -10,7 +10,7 @@ import { member_from_entropy, sign } from 'verifiablejs/bundler';
 import { deriveSr25519Account, getEncrPub, stringToBytes } from '../../crypto.js';
 import { toError } from '../../helpers/utils.js';
 const accountId = AccountId();
-export function createAliceVerifier() {
+export function createSudoAliceVerifier() {
     return deriveSr25519Account('bottom drive obey lake curtain smoke basket hold race lonely fit walk', '//Alice');
 }
 export const createAttestationService = (lazyClient) => {

package/dist/sso/auth/impl.js

@@ -1,3 +1,4 @@
+import { enumValue } from '@novasamatech/scale';
 import { createAccountId, createEncryption, createLocalSessionAccount, createRemoteSessionAccount, khash, } from '@novasamatech/statement-store';
 import { mergeUint8, toHex } from '@polkadot-api/utils';
 import { generateMnemonic } from '@polkadot-labs/hdkd-helpers';
@@ -7,7 +8,7 @@ import { AbortError } from '../../helpers/abortError.js';
 import { createState, readonly } from '../../helpers/state.js';
 import { toError } from '../../helpers/utils.js';
 import { createStoredUserSession } from '../userSessionRepository.js';
-import { createAliceVerifier, createAttestationService } from './attestationService.js';
+import { createAttestationService, createSudoAliceVerifier } from './attestationService.js';
 import { HandshakeData, HandshakeResponsePayload, HandshakeResponseSensitiveData } from './scale/handshake.js';
 export function createAuth({ metadata, statementStore, ssoSessionRepository, userSecretRepository, lazyClient, }) {
     const attestationStatus = createState({ step: 'none' });
@@ -16,7 +17,7 @@ export function createAuth({ metadata, statementStore, ssoSessionRepository, use
     let abort = null;
     function attestAccount(account, signal) {
         const attestationService = createAttestationService(lazyClient);
-        const verifier = createAliceVerifier();
+        const verifier = createSudoAliceVerifier();
         const username = attestationService.claimUsername();
         attestationStatus.write({ step: 'attestation', username });
         return attestationService
@@ -115,18 +116,12 @@ export function createAuth({ metadata, statementStore, ssoSessionRepository, use
     return authModule;
 }
 const createHandshakeTopic = fromThrowable((account, encrPublicKey) => khash(account.accountId, mergeUint8([encrPublicKey, stringToBytes('topic')])), toError);
-const createHandshakePayloadV1 = fromThrowable(({ encrPublicKey, ssPublicKey, metadata, }) => HandshakeData.enc({
-    tag: 'v1',
-    value: [ssPublicKey, encrPublicKey, metadata],
-}), toError);
+const createHandshakePayloadV1 = fromThrowable(({ encrPublicKey, ssPublicKey, metadata, }) => HandshakeData.enc(enumValue('v1', [ssPublicKey, encrPublicKey, metadata])), toError);
 function parseHandshakePayload(payload) {
     const decoded = HandshakeResponsePayload.dec(payload);
     switch (decoded.tag) {
         case 'v1':
-            return {
-                encrypted: decoded.value[0],
-                tmpKey: decoded.value[1],
-            };
+            return decoded.value;
         default:
             throw new Error('Unsupported handshake payload version');
     }

package/dist/sso/auth/scale/handshake.d.ts

@@ -4,6 +4,9 @@ export declare const HandshakeData: import("scale-ts").Codec<{
 }>;
 export declare const HandshakeResponsePayload: import("scale-ts").Codec<{
     tag: "v1";
-    value: [Uint8Array<ArrayBufferLike>, Uint8Array<ArrayBufferLike>];
+    value: {
+        encrypted: Uint8Array<ArrayBufferLike>;
+        tmpKey: Uint8Array<ArrayBufferLike>;
+    };
 }>;
 export declare const HandshakeResponseSensitiveData: import("scale-ts").Codec<[Uint8Array<ArrayBufferLike>, Uint8Array<ArrayBufferLike>]>;

package/dist/sso/auth/scale/handshake.js

@@ -1,10 +1,10 @@
-import { Bytes, Enum, Tuple, str } from 'scale-ts';
+import { Enum } from '@novasamatech/scale';
+import { Bytes, Struct, Tuple, str } from 'scale-ts';
 import { EncrPubKey, SsPubKey } from '../../../crypto.js';
 export const HandshakeData = Enum({
     v1: Tuple(SsPubKey, EncrPubKey, str),
 });
 export const HandshakeResponsePayload = Enum({
-    // [encrypted, tmp_key]
-    v1: Tuple(Bytes(), Bytes(65)),
+    v1: Struct({ encrypted: Bytes(), tmpKey: Bytes(65) }),
 });
 export const HandshakeResponseSensitiveData = Tuple(Bytes(65), Bytes(32));

package/dist/sso/sessionManager/scale/signPayloadRequest.js

@@ -1,20 +1,20 @@
+import { Hex } from '@novasamatech/scale';
 import { Option, Struct, Vector, bool, str, u32 } from 'scale-ts';
-import { hexCodec } from './hex.js';
 export const SignPayloadRequestCodec = Struct({
     address: str,
-    blockHash: hexCodec,
-    blockNumber: hexCodec,
-    era: hexCodec,
-    genesisHash: hexCodec,
-    method: hexCodec,
-    nonce: hexCodec,
-    specVersion: hexCodec,
-    tip: hexCodec,
-    transactionVersion: hexCodec,
+    blockHash: Hex(),
+    blockNumber: Hex(),
+    era: Hex(),
+    genesisHash: Hex(),
+    method: Hex(),
+    nonce: Hex(),
+    specVersion: Hex(),
+    tip: Hex(),
+    transactionVersion: Hex(),
     signedExtensions: Vector(str),
     version: u32,
-    assetId: Option(hexCodec),
-    metadataHash: Option(hexCodec),
+    assetId: Option(Hex()),
+    metadataHash: Option(Hex()),
     mode: Option(u32),
     withSignedTransaction: Option(bool),
 });

package/dist/sso/sessionManager/userSession.js

@@ -1,3 +1,4 @@
+import { enumValue } from '@novasamatech/scale';
 import { createSession } from '@novasamatech/statement-store';
 import { fieldListView } from '@novasamatech/storage-adapter';
 import { AccountId } from '@polkadot-api/substrate-bindings';
@@ -31,39 +32,23 @@ export function createUserSession({ userSession, statementStore, encryption, sto
             const messageId = nanoid();
             const request = session.request(RemoteMessageCodec, {
                 messageId,
-                data: {
-                    tag: 'v1',
-                    value: {
-                        tag: 'SignRequest',
-                        value: payload,
-                    },
-                },
+                data: enumValue('v1', enumValue('SignRequest', payload)),
             });
             const responseFilter = (message) => {
-                return (message.data.tag === 'v1' &&
+                if (message.data.tag === 'v1' &&
                     message.data.value.tag === 'SignResponse' &&
-                    message.data.value.value.respondingTo === messageId);
+                    message.data.value.value.respondingTo === messageId) {
+                    return message.data.value.value.payload;
+                }
             };
             return request
                 .andThen(() => session.waitForRequestMessage(RemoteMessageCodec, responseFilter))
                 .andThen(message => {
-                const { data } = message.payload;
-                switch (data.tag) {
-                    case 'v1': {
-                        switch (data.value.tag) {
-                            case 'SignResponse':
-                                if (data.value.value.payload.success) {
-                                    return ok(data.value.value.payload.value);
-                                }
-                                else {
-                                    return err(new Error(data.value.value.payload.value));
-                                }
-                            default:
-                                return err(new Error(`Incorrect sign response: ${data.value.tag}`));
-                        }
-                    }
-                    default:
-                        return err(new Error(`Unsupported message version ${data.tag}`));
+                if (message.success) {
+                    return ok(message.value);
+                }
+                else {
+                    return err(new Error(message.value));
                 }
             });
         },
@@ -71,13 +56,7 @@ export function createUserSession({ userSession, statementStore, encryption, sto
             return session
                 .submitRequestMessage(RemoteMessageCodec, {
                 messageId: nanoid(),
-                data: {
-                    tag: 'v1',
-                    value: {
-                        tag: 'Disconnected',
-                        value: undefined,
-                    },
-                },
+                data: enumValue('v1', enumValue('Disconnected', undefined)),
             })
                 .map(() => undefined);
         },
@@ -85,17 +64,18 @@ export function createUserSession({ userSession, statementStore, encryption, sto
             return session.subscribe(RemoteMessageCodec, messages => {
                 processedMessages.read().andThen(processed => {
                     const results = messages.map(message => {
-                        if (message.type === 'request') {
-                            const isMessageProcessed = processed.includes(message.payload.messageId);
+                        if (message.type === 'request' && message.payload.status === 'parsed') {
+                            const payload = message.payload;
+                            const isMessageProcessed = processed.includes(payload.value.messageId);
                             if (isMessageProcessed) {
                                 return okAsync({ processed: false });
                             }
-                            return callback(message.payload)
+                            return callback(payload.value)
                                 .orTee(error => {
-                                console.error('Error while processing sso messsage:', error);
+                                console.error('Error while processing sso message:', error);
                             })
                                 .orElse(() => okAsync(false))
-                                .map(processed => (processed ? { processed, message: message.payload } : { processed }));
+                                .map(processed => (processed ? { processed, message: payload.value } : { processed }));
                         }
                         return okAsync({ processed: false });
                     });

package/dist/sso/ssoSessionProver.js

@@ -1,35 +1,16 @@
-import { getStatementSigner, statementCodec } from '@polkadot-api/sdk-statement';
-import { err, errAsync, fromThrowable, ok, okAsync } from 'neverthrow';
-import { compact } from 'scale-ts';
-import { getSsPub, signWithSsSecret, verifyWithSsSecret } from '../crypto.js';
-import { toError } from '../helpers/utils.js';
-const verify = fromThrowable(verifyWithSsSecret, toError);
+import { createSr25519Prover } from '@novasamatech/statement-store';
+import { err, ok } from 'neverthrow';
 export function createSsoStatementProver(userSession, userSecretRepository) {
-    const secret = userSecretRepository
+    const prover = userSecretRepository
         .read(userSession.id)
         .andThen(secrets => (secrets ? ok(secrets) : err(new Error(`Secrets for session ${userSession.id} not found.`))))
-        .map(x => x.ssSecret);
+        .map(x => createSr25519Prover(x.ssSecret));
     return {
         generateMessageProof(statement) {
-            return secret.map(secret => {
-                const signer = getStatementSigner(getSsPub(secret), 'sr25519', data => signWithSsSecret(secret, data));
-                return signer.sign(statement);
-            });
+            return prover.andThen(prover => prover.generateMessageProof(statement));
         },
         verifyMessageProof(statement) {
-            const { proof, ...unsigned } = statement;
-            if (!proof) {
-                // TODO should we pass check when proof is not presented?
-                return okAsync(true);
-            }
-            const encoded = statementCodec.enc(unsigned);
-            const compactLen = compact.enc(compact.dec(encoded)).length;
-            switch (proof.type) {
-                case 'sr25519':
-                    return verify(encoded.slice(compactLen), proof.value.signature.asBytes(), proof.value.signer.asBytes()).asyncAndThen(x => okAsync(x));
-                default:
-                    return errAsync(new Error(`Proof type ${proof.type} is not supported.`));
-            }
+            return prover.andThen(prover => prover.verifyMessageProof(statement));
         },
     };
 }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@novasamatech/host-papp",
   "type": "module",
-  "version": "0.5.2",
+  "version": "0.5.3-0",
   "description": "Polkadot app integration",
   "license": "Apache-2.0",
   "repository": {
@@ -28,9 +28,11 @@
     "@noble/ciphers": "2.1.1",
     "@noble/curves": "2.0.1",
     "@noble/hashes": "2.0.1",
-    "@novasamatech/host-api": "0.5.2",
-    "@novasamatech/statement-store": "0.5.2",
-    "@novasamatech/storage-adapter": "0.5.2",
+    "@novasamatech/host-api": "0.5.3-0",
+    "@novasamatech/scale": "0.5.3-0",
+    "@novasamatech/statement-store": "0.5.3-0",
+    "@novasamatech/storage-adapter": "0.5.3-0",
+    "@polkadot-api/utils": "0.2.0",
     "@polkadot-api/substrate-bindings": "^0.16.5",
     "@polkadot-labs/hdkd-helpers": "^0.0.27",
     "@scure/sr25519": "1.0.0",