feat: ecdsa signing schemes support

Author: FedericoAmura

local-tests/build.mjs

@@ -33,6 +33,7 @@ const createBuildConfig = (entry, outfile, globalName) => ({
   platform: 'node',
   target: 'esnext',
   format: 'esm',
+  sourcemap: true,
   inject: [getPath('./shim.mjs')],
   mainFields: ['module', 'main'],
   ...(globalName ? { globalName } : {}),

local-tests/setup/shiva-client.d.ts

@@ -10,6 +10,7 @@ type ContractAbis = {
   pubkeyRouter: string;
   pkpPermissions: string;
   pkpHelper: string;
+  priceFeed: string;
   contractResolver: string;
   paymentDelegation: string;
 };

local-tests/setup/shiva-client.ts

@@ -116,6 +116,9 @@ export class TestnetClient {
         PKPHelper: {
           abi: JSON.parse(testNetConfig.contractAbis.pkpHelper),
         },
+        PriceFeed: {
+          abi: JSON.parse(testNetConfig.contractAbis.priceFeed),
+        },
         LITToken: {
           abi: JSON.parse(testNetConfig.contractAbis.litToken),
         },

local-tests/test.ts

@@ -3,7 +3,9 @@ import { runInBand, runTestsParallel } from './setup/tinny-operations';
 // import { testBundleSpeed } from './tests/test-bundle-speed';
 // import { testExample } from './tests/test-example';
 import { testUseEoaSessionSigsToExecuteJsSigning } from './tests/testUseEoaSessionSigsToExecuteJsSigning';
-import { testUseEoaSessionSigsToPkpSign } from './tests/testUseEoaSessionSigsToPkpSign';
+import { testUseEoaSessionSigsToPkpSignK256 } from 'local-tests/tests/testUseEoaSessionSigsToPkpSignK256';
+import { testUseEoaSessionSigsToPkpSignP256 } from 'local-tests/tests/testUseEoaSessionSigsToPkpSignP256';
+import { testUseEoaSessionSigsToPkpSignP384 } from 'local-tests/tests/testUseEoaSessionSigsToPkpSignP384';
 import { testUsePkpSessionSigsToExecuteJsSigning } from './tests/testUsePkpSessionSigsToExecuteJsSigning';
 import { testUsePkpSessionSigsToPkpSign } from './tests/testUsePkpSessionSigsToPkpSign';
 import { testUseValidLitActionCodeGeneratedSessionSigsToPkpSign } from './tests/testUseValidLitActionCodeGeneratedSessionSigsToPkpSign';
@@ -163,7 +165,9 @@ setLitActionsCodeToLocal();
 
   const eoaSessionSigsTests = {
     testUseEoaSessionSigsToExecuteJsSigning,
-    testUseEoaSessionSigsToPkpSign,
+    testUseEoaSessionSigsToPkpSignK256,
+    testUseEoaSessionSigsToPkpSignP256,
+    testUseEoaSessionSigsToPkpSignP384,
     testUseEoaSessionSigsToExecuteJsSigningInParallel,
     testUseEoaSessionSigsToExecuteJsClaimKeys,
     testUseEoaSessionSigsToExecuteJsClaimMultipleKeys,

local-tests/tests.ts

@@ -1,5 +1,7 @@
 import { testUseEoaSessionSigsToExecuteJsSigning } from './tests/testUseEoaSessionSigsToExecuteJsSigning';
-import { testUseEoaSessionSigsToPkpSign } from './tests/testUseEoaSessionSigsToPkpSign';
+import { testUseEoaSessionSigsToPkpSignK256 } from './tests/testUseEoaSessionSigsToPkpSignK256';
+import { testUseEoaSessionSigsToPkpSignP256 } from './tests/testUseEoaSessionSigsToPkpSignP256';
+import { testUseEoaSessionSigsToPkpSignP384 } from './tests/testUseEoaSessionSigsToPkpSignP384';
 import { testUsePkpSessionSigsToExecuteJsSigning } from './tests/testUsePkpSessionSigsToExecuteJsSigning';
 import { testUsePkpSessionSigsToPkpSign } from './tests/testUsePkpSessionSigsToPkpSign';
 import { testUseValidLitActionCodeGeneratedSessionSigsToPkpSign } from './tests/testUseValidLitActionCodeGeneratedSessionSigsToPkpSign';
@@ -103,7 +105,9 @@ import { testFailBatchGeneratePrivateKeysAtomic } from './tests/wrapped-keys/tes
 import { testUseEoaSessionSigsToRequestSingleResponse } from './tests/testUseEoaSessionSigsToRequestSingleResponse';
 
 export { testUseEoaSessionSigsToExecuteJsSigning } from './tests/testUseEoaSessionSigsToExecuteJsSigning';
-export { testUseEoaSessionSigsToPkpSign } from './tests/testUseEoaSessionSigsToPkpSign';
+export { testUseEoaSessionSigsToPkpSignK256 } from './tests/testUseEoaSessionSigsToPkpSignK256';
+export { testUseEoaSessionSigsToPkpSignP256 } from './tests/testUseEoaSessionSigsToPkpSignP256';
+export { testUseEoaSessionSigsToPkpSignP384 } from './tests/testUseEoaSessionSigsToPkpSignP384';
 export { testUsePkpSessionSigsToExecuteJsSigning } from './tests/testUsePkpSessionSigsToExecuteJsSigning';
 export { testUsePkpSessionSigsToPkpSign } from './tests/testUsePkpSessionSigsToPkpSign';
 export { testUseValidLitActionCodeGeneratedSessionSigsToPkpSign } from './tests/testUseValidLitActionCodeGeneratedSessionSigsToPkpSign';
@@ -251,7 +255,9 @@ const wrappedKeysTests = {
 
 const eoaSessionSigsTests = {
   testUseEoaSessionSigsToExecuteJsSigning,
-  testUseEoaSessionSigsToPkpSign,
+  testUseEoaSessionSigsToPkpSignK256,
+  testUseEoaSessionSigsToPkpSignP256,
+  testUseEoaSessionSigsToPkpSignP384,
   testUseEoaSessionSigsToExecuteJsSigningInParallel,
   testUseEoaSessionSigsToExecuteJsClaimKeys,
   testUseEoaSessionSigsToExecuteJsClaimMultipleKeys,

local-tests/tests/testUseEoaSessionSigsToPkpSignK256.ts

@@ -0,0 +1,86 @@
+import EC from 'elliptic';
+import { createHash } from 'crypto';
+
+import { log } from '@lit-protocol/misc';
+import { getEoaSessionSigs } from 'local-tests/setup/session-sigs/get-eoa-session-sigs';
+import { TinnyEnvironment } from 'local-tests/setup/tinny-environment';
+
+/**
+ * Test Commands:
+ * ✅ NETWORK=datil-dev yarn test:local --filter=testUseEoaSessionSigsToPkpSignK256
+ * ✅ NETWORK=datil-test yarn test:local --filter=testUseEoaSessionSigsToPkpSignK256
+ * ✅ NETWORK=custom yarn test:local --filter=testUseEoaSessionSigsToPkpSignK256
+ */
+export const testUseEoaSessionSigsToPkpSignK256 = async (
+  devEnv: TinnyEnvironment
+) => {
+  const alice = await devEnv.createRandomPerson();
+  const messageToSign = [1, 2, 3, 4, 5];
+  const messageHash = createHash('sha256')
+    .update(Buffer.from(messageToSign))
+    .digest();
+
+  const eoaSessionSigs = await getEoaSessionSigs(devEnv, alice);
+  const runWithSessionSigs = await devEnv.litNodeClient.pkpSign({
+    pubKey: alice.pkp.publicKey,
+    sessionSigs: eoaSessionSigs,
+    toSign: messageHash,
+    signingScheme: 'EcdsaK256Sha256',
+  });
+
+  devEnv.releasePrivateKeyFromUser(alice);
+
+  // -- assertions
+  // r, s, dataSigned, and public key should be present
+  if (!runWithSessionSigs.r) {
+    throw new Error(`Expected "r" in runWithSessionSigs`);
+  }
+  if (!runWithSessionSigs.s) {
+    throw new Error(`Expected "s" in runWithSessionSigs`);
+  }
+  if (!runWithSessionSigs.dataSigned) {
+    throw new Error(`Expected "dataSigned" in runWithSessionSigs`);
+  }
+  if (!runWithSessionSigs.publicKey) {
+    throw new Error(`Expected "publicKey" in runWithSessionSigs`);
+  }
+
+  // signature must start with 0x
+  if (!runWithSessionSigs.signature.startsWith('0x')) {
+    throw new Error(`Expected "signature" to start with 0x`);
+  }
+
+  // recid must be parseable as a number
+  if (isNaN(runWithSessionSigs.recid)) {
+    throw new Error(`Expected "recid" to be parseable as a number`);
+  }
+
+  const ec = new EC.ec('secp256k1');
+
+  // Public key derived from message and signature
+  const recoveredPubKey = ec.recoverPubKey(
+    messageHash,
+    runWithSessionSigs,
+    runWithSessionSigs.recid
+  );
+  // Public key returned from nodes
+  const runWithSessionSigsUncompressedPublicKey = ec
+    .keyFromPublic(runWithSessionSigs.publicKey, 'hex')
+    .getPublic(false, 'hex');
+
+  if (
+    runWithSessionSigsUncompressedPublicKey !==
+    recoveredPubKey.encode('hex', false)
+  ) {
+    throw new Error(
+      `Expected recovered public key to match runWithSessionSigsUncompressedPublicKey and recoveredPubKey.encode('hex', false)`
+    );
+  }
+  if (recoveredPubKey.encode('hex', false) !== alice.pkp.publicKey) {
+    throw new Error(
+      `Expected recovered public key to match alice.pkp.publicKey`
+    );
+  }
+
+  log('✅ testUseEoaSessionSigsToPkpSignK256');
+};

local-tests/tests/testUseEoaSessionSigsToPkpSign.ts renamed to local-tests/tests/testUseEoaSessionSigsToPkpSignP256.ts

@@ -1,39 +1,35 @@
-import { ethers } from 'ethers';
+import EC from 'elliptic';
+import { createHash } from 'crypto';
 
 import { log } from '@lit-protocol/misc';
 import { getEoaSessionSigs } from 'local-tests/setup/session-sigs/get-eoa-session-sigs';
 import { TinnyEnvironment } from 'local-tests/setup/tinny-environment';
 
 /**
  * Test Commands:
- * ✅ NETWORK=datil-dev yarn test:local --filter=testUseEoaSessionSigsToPkpSign
- * ✅ NETWORK=datil-test yarn test:local --filter=testUseEoaSessionSigsToPkpSign
- * ✅ NETWORK=custom yarn test:local --filter=testUseEoaSessionSigsToPkpSign
+ * ✅ NETWORK=datil-dev yarn test:local --filter=testUseEoaSessionSigsToPkpSignP256
+ * ✅ NETWORK=datil-test yarn test:local --filter=testUseEoaSessionSigsToPkpSignP256
+ * ✅ NETWORK=custom yarn test:local --filter=testUseEoaSessionSigsToPkpSignP256
  */
-export const testUseEoaSessionSigsToPkpSign = async (
+export const testUseEoaSessionSigsToPkpSignP256 = async (
   devEnv: TinnyEnvironment
 ) => {
   const alice = await devEnv.createRandomPerson();
+  const messageToSign = [1, 2, 3, 4, 5];
+  const messageHash = createHash('sha256')
+    .update(Buffer.from(messageToSign))
+    .digest();
 
   const eoaSessionSigs = await getEoaSessionSigs(devEnv, alice);
   const runWithSessionSigs = await devEnv.litNodeClient.pkpSign({
-    toSign: alice.loveLetter,
     pubKey: alice.pkp.publicKey,
     sessionSigs: eoaSessionSigs,
+    toSign: messageHash,
+    signingScheme: 'EcdsaP256Sha256',
   });
 
   devEnv.releasePrivateKeyFromUser(alice);
 
-  // Expected output:
-  // {
-  //   r: "25fc0d2fecde8ed801e9fee5ad26f2cf61d82e6f45c8ad1ad1e4798d3b747fd9",
-  //   s: "549fe745b4a09536e6e7108d814cf7e44b93f1d73c41931b8d57d1b101833214",
-  //   recid: 1,
-  //   signature: "0x25fc0d2fecde8ed801e9fee5ad26f2cf61d82e6f45c8ad1ad1e4798d3b747fd9549fe745b4a09536e6e7108d814cf7e44b93f1d73c41931b8d57d1b1018332141c",
-  //   publicKey: "04A3CD53CCF63597D3FFCD1DF1E8236F642C7DF8196F532C8104625635DC55A1EE59ABD2959077432FF635DF2CED36CC153050902B71291C4D4867E7DAAF964049",
-  //   dataSigned: "7D87C5EA75F7378BB701E404C50639161AF3EFF66293E9F375B5F17EB50476F4",
-  // }
-
   // -- assertions
   // r, s, dataSigned, and public key should be present
   if (!runWithSessionSigs.r) {
@@ -59,29 +55,33 @@ export const testUseEoaSessionSigsToPkpSign = async (
     throw new Error(`Expected "recid" to be parseable as a number`);
   }
 
-  const signature = ethers.utils.joinSignature({
-    r: '0x' + runWithSessionSigs.r,
-    s: '0x' + runWithSessionSigs.s,
-    recoveryParam: runWithSessionSigs.recid,
-  });
-  const recoveredPubKey = ethers.utils.recoverPublicKey(
-    alice.loveLetter,
-    signature
-  );
+  const ec = new EC.ec('p256');
 
-  console.log('recoveredPubKey:', recoveredPubKey);
+  // Public key derived from message and signature
+  const recoveredPubKey = ec.recoverPubKey(
+    messageHash,
+    runWithSessionSigs,
+    runWithSessionSigs.recid
+  );
+  // Public key returned from nodes
+  const runWithSessionSigsUncompressedPublicKey = ec
+    .keyFromPublic(runWithSessionSigs.publicKey, 'hex')
+    .getPublic(false, 'hex');
 
-  // FIXME: Consider adding these assertions back after the v flipping PR is merged
-  // if (recoveredPubKey !== `0x${runWithSessionSigs.publicKey.toLowerCase()}`) {
-  //   throw new Error(
-  //     `Expected recovered public key to match runWithSessionSigs.publicKey`
-  //   );
-  // }
-  // if (recoveredPubKey !== `0x${alice.pkp.publicKey.toLowerCase()}`) {
+  if (
+    runWithSessionSigsUncompressedPublicKey !==
+    recoveredPubKey.encode('hex', false)
+  ) {
+    throw new Error(
+      `Expected recovered public key to match runWithSessionSigsUncompressedPublicKey and recoveredPubKey.encode('hex', false)`
+    );
+  }
+  // PKP public key lives in k256, it cannot be directly compared
+  // if (recoveredPubKey.encode('hex', false) !== alice.pkp.publicKey) {
   //   throw new Error(
   //     `Expected recovered public key to match alice.pkp.publicKey`
   //   );
   // }
 
-  log('✅ testUseEoaSessionSigsToPkpSign');
+  log('✅ testUseEoaSessionSigsToPkpSignP256');
 };

local-tests/tests/testUseEoaSessionSigsToPkpSignP384.ts

@@ -0,0 +1,87 @@
+import EC from 'elliptic';
+import { createHash } from 'crypto';
+
+import { log } from '@lit-protocol/misc';
+import { getEoaSessionSigs } from 'local-tests/setup/session-sigs/get-eoa-session-sigs';
+import { TinnyEnvironment } from 'local-tests/setup/tinny-environment';
+
+/**
+ * Test Commands:
+ * ✅ NETWORK=datil-dev yarn test:local --filter=testUseEoaSessionSigsToPkpSignP384
+ * ✅ NETWORK=datil-test yarn test:local --filter=testUseEoaSessionSigsToPkpSignP384
+ * ✅ NETWORK=custom yarn test:local --filter=testUseEoaSessionSigsToPkpSignP384
+ */
+export const testUseEoaSessionSigsToPkpSignP384 = async (
+  devEnv: TinnyEnvironment
+) => {
+  const alice = await devEnv.createRandomPerson();
+  const messageToSign = [1, 2, 3, 4, 5];
+  const messageHash = createHash('sha384')
+    .update(Buffer.from(messageToSign))
+    .digest();
+
+  const eoaSessionSigs = await getEoaSessionSigs(devEnv, alice);
+  const runWithSessionSigs = await devEnv.litNodeClient.pkpSign({
+    pubKey: alice.pkp.publicKey,
+    sessionSigs: eoaSessionSigs,
+    toSign: messageHash,
+    signingScheme: 'EcdsaP384Sha384',
+  });
+
+  devEnv.releasePrivateKeyFromUser(alice);
+
+  // -- assertions
+  // r, s, dataSigned, and public key should be present
+  if (!runWithSessionSigs.r) {
+    throw new Error(`Expected "r" in runWithSessionSigs`);
+  }
+  if (!runWithSessionSigs.s) {
+    throw new Error(`Expected "s" in runWithSessionSigs`);
+  }
+  if (!runWithSessionSigs.dataSigned) {
+    throw new Error(`Expected "dataSigned" in runWithSessionSigs`);
+  }
+  if (!runWithSessionSigs.publicKey) {
+    throw new Error(`Expected "publicKey" in runWithSessionSigs`);
+  }
+
+  // signature must start with 0x
+  if (!runWithSessionSigs.signature.startsWith('0x')) {
+    throw new Error(`Expected "signature" to start with 0x`);
+  }
+
+  // recid must be parseable as a number
+  if (isNaN(runWithSessionSigs.recid)) {
+    throw new Error(`Expected "recid" to be parseable as a number`);
+  }
+
+  const ec = new EC.ec('p384');
+
+  // Public key derived from message and signature
+  const recoveredPubKey = ec.recoverPubKey(
+    messageHash,
+    runWithSessionSigs,
+    runWithSessionSigs.recid
+  ); // Error: The recovery param is more than two bits
+  // Public key returned from nodes
+  const runWithSessionSigsUncompressedPublicKey = ec
+    .keyFromPublic(runWithSessionSigs.publicKey, 'hex')
+    .getPublic(false, 'hex');
+
+  if (
+    runWithSessionSigsUncompressedPublicKey !==
+    recoveredPubKey.encode('hex', false)
+  ) {
+    throw new Error(
+      `Expected recovered public key to match runWithSessionSigsUncompressedPublicKey and recoveredPubKey.encode('hex', false)`
+    );
+  }
+  // PKP public key lives in k256, it cannot be directly compared
+  // if (recoveredPubKey.encode('hex', false) !== alice.pkp.publicKey) {
+  //   throw new Error(
+  //     `Expected recovered public key to match alice.pkp.publicKey`
+  //   );
+  // }
+
+  log('✅ testUseEoaSessionSigsToPkpSignP384');
+};

package.json

@@ -61,6 +61,7 @@
     "cross-fetch": "3.1.8",
     "date-and-time": "^2.4.1",
     "depd": "^2.0.0",
+    "elliptic": "^6.6.1",
     "ethers": "^5.7.1",
     "jose": "^4.14.4",
     "micromodal": "^0.4.10",
@@ -87,6 +88,7 @@
     "@nx/web": "17.3.0",
     "@solana/web3.js": "1.95.3",
     "@types/depd": "^1.1.36",
+    "@types/elliptic": "^6.4.18",
     "@types/events": "^3.0.3",
     "@types/jest": "27.4.1",
     "@types/node": "18.19.18",

packages/constants/src/lib/constants/constants.ts

@@ -1292,6 +1292,8 @@ export const LIT_CURVE = {
   EcdsaCaitSith: 'ECDSA_CAIT_SITH', // Legacy alias of K256
   EcdsaCAITSITHP256: 'EcdsaCaitSithP256',
   EcdsaK256Sha256: 'EcdsaK256Sha256', // same as caitsith
+  EcdsaP256Sha256: 'EcdsaP256Sha256',
+  EcdsaP384Sha384: 'EcdsaP384Sha384',
 } as const;
 
 export type LIT_CURVE_TYPE = keyof typeof LIT_CURVE;