feat(wrapped-keys): add signTypedData functionality with encrypted Ethereum key

- Introduced signTypedDataWithEncryptedEthereumKey function for signing typed data using an encrypted Ethereum key.
- Updated API to include signTypedDataWithEncryptedKey.
- Enhanced types to support signTypedData message parameters.
- Updated constants and code repositories to include new signTypedData actions.
- Added tests for signTypedData functionality in the lit actions client.

Author: kouraf

packages/wrapped-keys-lit-actions/esbuild.config.js

@@ -56,6 +56,7 @@ module.exports = {
           './src/lib/self-executing-actions/solana/generateEncryptedSolanaPrivateKey.ts',
           './src/lib/self-executing-actions/ethereum/signTransactionWithEncryptedEthereumKey.ts',
           './src/lib/self-executing-actions/ethereum/signMessageWithEncryptedEthereumKey.ts',
+          './src/lib/self-executing-actions/ethereum/signTypedDataWithEncryptedEthereumKey.ts',
           './src/lib/self-executing-actions/ethereum/generateEncryptedEthereumPrivateKey.ts',
           './src/lib/self-executing-actions/common/exportPrivateKey.ts',
           './src/lib/self-executing-actions/common/batchGenerateEncryptedKeys.ts',

packages/wrapped-keys-lit-actions/src/index.ts

@@ -3,6 +3,7 @@ import * as exportPrivateKey from './generated/common/exportPrivateKey';
 import * as generateEncryptedEthereumPrivateKey from './generated/ethereum/generateEncryptedEthereumPrivateKey';
 import * as signMessageWithEthereumEncryptedKey from './generated/ethereum/signMessageWithEncryptedEthereumKey';
 import * as signTransactionWithEthereumEncryptedKey from './generated/ethereum/signTransactionWithEncryptedEthereumKey';
+import * as signTypedDataWithEthereumEncryptedKey from './generated/ethereum/signTypedDataWithEncryptedEthereumKey';
 import * as generateEncryptedSolanaPrivateKey from './generated/solana/generateEncryptedSolanaPrivateKey';
 import * as signMessageWithSolanaEncryptedKey from './generated/solana/signMessageWithEncryptedSolanaKey';
 import * as signTransactionWithSolanaEncryptedKey from './generated/solana/signTransactionWithEncryptedSolanaKey';
@@ -22,6 +23,10 @@ const litActionRepository: LitActionCodeRepository = {
     evm: signMessageWithEthereumEncryptedKey.code,
     solana: signMessageWithSolanaEncryptedKey.code,
   },
+  signTypedData: {
+    evm: signTypedDataWithEthereumEncryptedKey.code,
+    solana: '',
+  },
   generateEncryptedKey: {
     evm: generateEncryptedEthereumPrivateKey.code,
     solana: generateEncryptedSolanaPrivateKey.code,
@@ -47,6 +52,7 @@ export {
   generateEncryptedEthereumPrivateKey,
   signMessageWithEthereumEncryptedKey,
   signTransactionWithEthereumEncryptedKey,
+  signTypedDataWithEthereumEncryptedKey,
   generateEncryptedSolanaPrivateKey,
   signMessageWithSolanaEncryptedKey,
   signTransactionWithSolanaEncryptedKey,

packages/wrapped-keys-lit-actions/src/lib/internal/ethereum/signTypedData.ts

@@ -0,0 +1,79 @@
+interface SignTypedDataParams {
+  privateKey: string;
+  messageToSign: {
+    domain: any;
+    types: Record<string, any[]>;
+    value: Record<string, any>;
+  };
+}
+
+interface VerifyMessageSignatureParams {
+  messageToSign: {
+    domain: any;
+    types: Record<string, any[]>;
+    value: Record<string, any>;
+  };
+  signature: string;
+}
+
+async function signTypedData({
+  privateKey,
+  messageToSign,
+}: SignTypedDataParams): Promise<{ signature: string; walletAddress: string }> {
+  try {
+    const wallet = new ethers.Wallet(privateKey);
+    const signature = await wallet._signTypedData(
+      messageToSign.domain,
+      messageToSign.types,
+      messageToSign.value
+    );
+
+    return { signature, walletAddress: wallet.address };
+  } catch (err: unknown) {
+    if (err instanceof Error) {
+      throw new Error(`When signing message - ${err.message}`);
+    } else {
+      throw new Error(`An unexpected error occurred: ${err}`);
+    }
+  }
+}
+
+function verifyMessageSignature({
+  messageToSign,
+  signature,
+}: VerifyMessageSignatureParams): string {
+  try {
+    return ethers.utils.verifyTypedData(
+      messageToSign.domain,
+      messageToSign.types,
+      messageToSign.value,
+      signature
+    );
+  } catch (err: unknown) {
+    throw new Error(
+      `When validating signed Ethereum message is valid: ${
+        (err as Error).message
+      }`
+    );
+  }
+}
+
+export async function signTypedDataEthereumKey({
+  privateKey,
+  messageToSign,
+}: SignTypedDataParams): Promise<string> {
+  const { signature, walletAddress } = await signTypedData({
+    privateKey,
+    messageToSign,
+  });
+
+  const recoveredAddress = verifyMessageSignature({ messageToSign, signature });
+
+  if (recoveredAddress !== walletAddress) {
+    throw new Error(
+      "Recovered address from verifyMessage doesn't match the wallet address"
+    );
+  }
+
+  return signature;
+}

packages/wrapped-keys-lit-actions/src/lib/raw-action-functions/ethereum/signTypedDataWithEncryptedEthereumKey.ts

@@ -0,0 +1,36 @@
+import { getDecryptedKeyToSingleNode } from '../../internal/common/getDecryptedKeyToSingleNode';
+import { signTypedDataEthereumKey } from '../../internal/ethereum/signTypedData';
+
+export interface SignTypedDataWithEncryptedEthereumKeyParams {
+  accessControlConditions: string;
+  ciphertext: string;
+  dataToEncryptHash: string;
+  messageToSign: {
+    domain: any;
+    types: Record<string, any[]>;
+    value: Record<string, any>;
+  };
+}
+
+/**
+ * Signs a message with the Ethers wallet which is also decrypted inside the Lit Action.
+ * @param {string} pkpAddress - The Eth address of the PKP which is associated with the Wrapped Key
+ * @returns {Promise<string>} - Returns a message signed by the Ethers Wrapped key. Or returns errors if any.
+ */
+export async function signTypedDataWithEncryptedEthereumKey({
+  accessControlConditions,
+  ciphertext,
+  dataToEncryptHash,
+  messageToSign,
+}: SignTypedDataWithEncryptedEthereumKeyParams): Promise<string> {
+  const privateKey = await getDecryptedKeyToSingleNode({
+    accessControlConditions,
+    ciphertext,
+    dataToEncryptHash,
+  });
+
+  return signTypedDataEthereumKey({
+    privateKey,
+    messageToSign,
+  });
+}

packages/wrapped-keys-lit-actions/src/lib/self-executing-actions/ethereum/signTypedDataWithEncryptedEthereumKey.ts

@@ -0,0 +1,23 @@
+import { litActionHandler } from '../../litActionHandler';
+import {
+  SignTypedDataWithEncryptedEthereumKeyParams,
+  signTypedDataWithEncryptedEthereumKey,
+} from '../../raw-action-functions/ethereum/signTypedDataWithEncryptedEthereumKey';
+
+import type { SignMessageWithEncryptedEthereumKeyParams } from '../../raw-action-functions/ethereum/signMessageWithEncryptedEthereumKey';
+
+// Using local declarations to avoid _every file_ thinking these are always in scope
+declare const accessControlConditions: SignMessageWithEncryptedEthereumKeyParams['accessControlConditions'];
+declare const ciphertext: SignMessageWithEncryptedEthereumKeyParams['ciphertext'];
+declare const dataToEncryptHash: SignMessageWithEncryptedEthereumKeyParams['dataToEncryptHash'];
+declare const messageToSign: SignTypedDataWithEncryptedEthereumKeyParams['messageToSign'];
+
+(async () =>
+  litActionHandler(async () =>
+    signTypedDataWithEncryptedEthereumKey({
+      accessControlConditions,
+      ciphertext,
+      dataToEncryptHash,
+      messageToSign,
+    })
+  ))();

packages/wrapped-keys/src/index.ts

@@ -5,6 +5,7 @@ import {
   generatePrivateKey,
   importPrivateKey,
   signTransactionWithEncryptedKey,
+  signTypedDataWithEncryptedKey,
   storeEncryptedKey,
   listEncryptedKeyMetadata,
   batchGeneratePrivateKeys,
@@ -72,6 +73,7 @@ export const api = {
   importPrivateKey,
   signMessageWithEncryptedKey,
   signTransactionWithEncryptedKey,
+  signTypedDataWithEncryptedKey,
   storeEncryptedKey,
   storeEncryptedKeyBatch,
   batchGeneratePrivateKeys,

packages/wrapped-keys/src/lib/api/index.ts

@@ -6,6 +6,7 @@ import { importPrivateKey } from './import-private-key';
 import { listEncryptedKeyMetadata } from './list-encrypted-key-metadata';
 import { signMessageWithEncryptedKey } from './sign-message-with-encrypted-key';
 import { signTransactionWithEncryptedKey } from './sign-transaction-with-encrypted-key';
+import { signTypedDataWithEncryptedKey } from './sign-typed-data-with-encrypted-key';
 import { storeEncryptedKey } from './store-encrypted-key';
 import { storeEncryptedKeyBatch } from './store-encrypted-key-batch';
 
@@ -16,6 +17,7 @@ export {
   signTransactionWithEncryptedKey,
   exportPrivateKey,
   signMessageWithEncryptedKey,
+  signTypedDataWithEncryptedKey,
   storeEncryptedKey,
   storeEncryptedKeyBatch,
   getEncryptedKey,

packages/wrapped-keys/src/lib/api/sign-typed-data-with-encrypted-key.ts

@@ -0,0 +1,52 @@
+import {
+  getFirstSessionSig,
+  getPkpAccessControlCondition,
+  getPkpAddressFromSessionSig,
+} from './utils';
+import { signMessageWithLitAction } from '../lit-actions-client';
+import { getLitActionCodeOrCid } from '../lit-actions-client/utils';
+import { fetchPrivateKey } from '../service-client';
+import { SignMessageWithEncryptedKeyParams } from '../types';
+
+/**
+ * Signs a typed data inside the Lit Action using the previously persisted wrapped key associated with the current LIT PK.
+ * This method fetches the encrypted key from the wrapped keys service, then executes a Lit Action that decrypts the key inside the LIT action and uses
+ * the decrypted key to sign the provided typed data
+ *
+ * @param { SignMessageWithEncryptedKeyParams } params Parameters to use for signing the message
+ *
+ * @returns { Promise<string> } - The signed typed data
+ */
+export async function signTypedDataWithEncryptedKey(
+  params: SignMessageWithEncryptedKeyParams
+): Promise<string> {
+  const { litNodeClient, network, pkpSessionSigs, id } = params;
+
+  const sessionSig = getFirstSessionSig(pkpSessionSigs);
+  const pkpAddress = getPkpAddressFromSessionSig(sessionSig);
+
+  const storedKeyMetadata = await fetchPrivateKey({
+    pkpAddress,
+    id,
+    sessionSig,
+    litNetwork: litNodeClient.config.litNetwork,
+  });
+
+  const allowPkpAddressToDecrypt = getPkpAccessControlCondition(
+    storedKeyMetadata.pkpAddress
+  );
+
+  const { litActionCode, litActionIpfsCid } = getLitActionCodeOrCid(
+    network,
+    'signTypedData'
+  );
+
+  return signMessageWithLitAction({
+    ...params,
+    litActionIpfsCid: litActionCode ? undefined : litActionIpfsCid,
+    litActionCode: litActionCode ? litActionCode : undefined,
+    accessControlConditions: [allowPkpAddressToDecrypt],
+    pkpSessionSigs,
+    storedKeyMetadata,
+  });
+}

packages/wrapped-keys/src/lib/lit-actions-client/code-repository.spec.ts

@@ -16,6 +16,10 @@ describe('wrapped keys lit action code repository', () => {
           evm: '',
           solana: '',
         },
+        signTypedData: {
+          evm: '',
+          solana: '',
+        },
         generateEncryptedKey: {
           evm: '',
           solana: '',
@@ -88,6 +92,10 @@ describe('wrapped keys lit action code repository', () => {
           evm: 'test',
           solana: 'test',
         },
+        signTypedData: {
+          evm: 'test',
+          solana: 'test',
+        },
         generateEncryptedKey: {
           evm: 'test',
           solana: 'test',
@@ -106,6 +114,10 @@ describe('wrapped keys lit action code repository', () => {
           evm: 'test',
           solana: 'test',
         },
+        signTypedData: {
+          evm: 'test',
+          solana: 'test',
+        },
         generateEncryptedKey: {
           evm: 'test',
           solana: 'test',
@@ -127,6 +139,10 @@ describe('wrapped keys lit action code repository', () => {
           evm: 'test',
           solana: 'test',
         },
+        signTypedData: {
+          evm: 'test',
+          solana: 'test',
+        },
         generateEncryptedKey: {
           evm: 'test',
           solana: 'test',
@@ -154,6 +170,10 @@ describe('wrapped keys lit action code repository', () => {
           evm: 'eth',
           solana: 'test',
         },
+        signTypedData: {
+          evm: 'eth',
+          solana: 'test',
+        },
         generateEncryptedKey: {
           evm: 'test',
           solana: 'test',

packages/wrapped-keys/src/lib/lit-actions-client/code-repository.ts

@@ -23,6 +23,10 @@ const litActionCodeRepository: LitActionCodeRepository = Object.freeze({
     evm: '',
     solana: '',
   }),
+  signTypedData: Object.seal({
+    evm: '',
+    solana: '',
+  }),
   generateEncryptedKey: Object.seal({
     evm: '',
     solana: '',