fix: pkpSign with P384 testing and a problematic ecdsa signature concatenation with the wrong recovery param (using eth value)

Author: FedericoAmura

local-tests/tests/testUseEoaSessionSigsToPkpSignK256.ts

@@ -16,7 +16,9 @@ export const testUseEoaSessionSigsToPkpSignK256 = async (
 ) => {
   const alice = await devEnv.createRandomPerson();
   const messageToSign = [1, 2, 3, 4, 5];
-  const messageHash = createHash('sha256').update(Buffer.from(messageToSign)).digest();
+  const messageHash = createHash('sha256')
+    .update(Buffer.from(messageToSign))
+    .digest();
 
   const eoaSessionSigs = await getEoaSessionSigs(devEnv, alice);
   const runWithSessionSigs = await devEnv.litNodeClient.pkpSign({
@@ -66,7 +68,10 @@ export const testUseEoaSessionSigsToPkpSignK256 = async (
     .keyFromPublic(runWithSessionSigs.publicKey, 'hex')
     .getPublic(false, 'hex');
 
-  if (runWithSessionSigsUncompressedPublicKey !== recoveredPubKey.encode('hex', false)) {
+  if (
+    runWithSessionSigsUncompressedPublicKey !==
+    recoveredPubKey.encode('hex', false)
+  ) {
     throw new Error(
       `Expected recovered public key to match runWithSessionSigsUncompressedPublicKey and recoveredPubKey.encode('hex', false)`
     );

local-tests/tests/testUseEoaSessionSigsToPkpSignP256.ts

@@ -16,7 +16,9 @@ export const testUseEoaSessionSigsToPkpSignP256 = async (
 ) => {
   const alice = await devEnv.createRandomPerson();
   const messageToSign = [1, 2, 3, 4, 5];
-  const messageHash = createHash('sha256').update(Buffer.from(messageToSign)).digest();
+  const messageHash = createHash('sha256')
+    .update(Buffer.from(messageToSign))
+    .digest();
 
   const eoaSessionSigs = await getEoaSessionSigs(devEnv, alice);
   const runWithSessionSigs = await devEnv.litNodeClient.pkpSign({
@@ -66,7 +68,10 @@ export const testUseEoaSessionSigsToPkpSignP256 = async (
     .keyFromPublic(runWithSessionSigs.publicKey, 'hex')
     .getPublic(false, 'hex');
 
-  if (runWithSessionSigsUncompressedPublicKey !== recoveredPubKey.encode('hex', false)) {
+  if (
+    runWithSessionSigsUncompressedPublicKey !==
+    recoveredPubKey.encode('hex', false)
+  ) {
     throw new Error(
       `Expected recovered public key to match runWithSessionSigsUncompressedPublicKey and recoveredPubKey.encode('hex', false)`
     );

local-tests/tests/testUseEoaSessionSigsToPkpSignP384.ts

@@ -1,4 +1,4 @@
-import { ethers } from 'ethers';
+import EC from 'elliptic';
 import { createHash } from 'crypto';
 
 import { log } from '@lit-protocol/misc';
@@ -15,8 +15,10 @@ export const testUseEoaSessionSigsToPkpSignP384 = async (
   devEnv: TinnyEnvironment
 ) => {
   const alice = await devEnv.createRandomPerson();
-  const messageToSign = new Uint8Array([1, 2, 3, 4, 5]);
-  const messageHash = createHash('sha384').update(messageToSign).digest();
+  const messageToSign = [1, 2, 3, 4, 5];
+  const messageHash = createHash('sha384')
+    .update(Buffer.from(messageToSign))
+    .digest();
 
   const eoaSessionSigs = await getEoaSessionSigs(devEnv, alice);
   const runWithSessionSigs = await devEnv.litNodeClient.pkpSign({
@@ -28,16 +30,6 @@ export const testUseEoaSessionSigsToPkpSignP384 = async (
 
   devEnv.releasePrivateKeyFromUser(alice);
 
-  // Expected output:
-  // {
-  //   r: "25fc0d2fecde8ed801e9fee5ad26f2cf61d82e6f45c8ad1ad1e4798d3b747fd9",
-  //   s: "549fe745b4a09536e6e7108d814cf7e44b93f1d73c41931b8d57d1b101833214",
-  //   recid: 1,
-  //   signature: "0x25fc0d2fecde8ed801e9fee5ad26f2cf61d82e6f45c8ad1ad1e4798d3b747fd9549fe745b4a09536e6e7108d814cf7e44b93f1d73c41931b8d57d1b1018332141c",
-  //   publicKey: "04A3CD53CCF63597D3FFCD1DF1E8236F642C7DF8196F532C8104625635DC55A1EE59ABD2959077432FF635DF2CED36CC153050902B71291C4D4867E7DAAF964049",
-  //   dataSigned: "7D87C5EA75F7378BB701E404C50639161AF3EFF66293E9F375B5F17EB50476F4",
-  // }
-
   // -- assertions
   // r, s, dataSigned, and public key should be present
   if (!runWithSessionSigs.r) {
@@ -63,29 +55,33 @@ export const testUseEoaSessionSigsToPkpSignP384 = async (
     throw new Error(`Expected "recid" to be parseable as a number`);
   }
 
-  // TODO fix after fixing P256
-  const signature = ethers.utils.joinSignature({
-    r: '0x' + runWithSessionSigs.r,
-    s: '0x' + runWithSessionSigs.s,
-    recoveryParam: runWithSessionSigs.recid,
-  });
-  const recoveredPubKey = ethers.utils.recoverPublicKey(
-    alice.loveLetter,
-    signature
-  );
+  const ec = new EC.ec('p384');
 
-  console.log('recoveredPubKey:', recoveredPubKey);
+  // Public key derived from message and signature
+  const recoveredPubKey = ec.recoverPubKey(
+    messageHash,
+    runWithSessionSigs,
+    runWithSessionSigs.recid
+  ); // Error: The recovery param is more than two bits
+  // Public key returned from nodes
+  const runWithSessionSigsUncompressedPublicKey = ec
+    .keyFromPublic(runWithSessionSigs.publicKey, 'hex')
+    .getPublic(false, 'hex');
 
-  if (recoveredPubKey !== `0x${runWithSessionSigs.publicKey.toLowerCase()}`) {
+  if (
+    runWithSessionSigsUncompressedPublicKey !==
+    recoveredPubKey.encode('hex', false)
+  ) {
     throw new Error(
-      `Expected recovered public key to match runWithSessionSigs.publicKey`
-    );
-  }
-  if (recoveredPubKey !== `0x${alice.pkp.publicKey.toLowerCase()}`) {
-    throw new Error(
-      `Expected recovered public key to match alice.pkp.publicKey`
+      `Expected recovered public key to match runWithSessionSigsUncompressedPublicKey and recoveredPubKey.encode('hex', false)`
     );
   }
+  // PKP public key lives in k256, it cannot be directly compared
+  // if (recoveredPubKey.encode('hex', false) !== alice.pkp.publicKey) {
+  //   throw new Error(
+  //     `Expected recovered public key to match alice.pkp.publicKey`
+  //   );
+  // }
 
   log('✅ testUseEoaSessionSigsToPkpSignP384');
 };

packages/crypto/src/lib/crypto.ts

@@ -259,7 +259,7 @@ export const combineEcdsaShares = async (
   await ecdsaVerify(variant!, messageHash, publicKey, [r, s, recId]);
 
   const signature = splitEcdsaSignature(
-    Buffer.concat([r, s, Buffer.from([recId + 27])])
+    Buffer.concat([r, s, Buffer.from([recId])])
   );
 
   return {