chore: verify signatures when applying updates (wip)

Author: pcarranzav

packages/hypergraph-react/src/HypergraphAppContext.tsx

@@ -4,7 +4,6 @@ import * as automerge from '@automerge/automerge';
 import { uuid } from '@automerge/automerge';
 import { RepoContext } from '@automerge/automerge-repo-react-hooks';
 import { Identity, Key, Messages, SpaceEvents, type SpaceStorageEntry, Utils, store } from '@graphprotocol/hypergraph';
-import { canonicalize } from '@graphprotocol/hypergraph/utils/jsc';
 import { useSelector as useSelectorStore } from '@xstate/store/react';
 import { Effect, Exit } from 'effect';
 import * as Schema from 'effect/Schema';
@@ -536,18 +535,41 @@ export function HypergraphAppProvider({
             }
 
             if (response.updates) {
-              const updates = response.updates?.updates.map((update) => {
-                return Messages.decryptMessage({
-                  nonceAndCiphertext: update,
-                  secretKey: Utils.hexToBytes(keys[0].key),
+              const updates = response.updates?.updates.map(async (update) => {
+                // TODO verify the update signature and that the signing key
+                // belongs to the reported accountId
+                const signer = Messages.recoverUpdateMessageSigner({
+                  update: update.update,
+                  spaceId: response.id,
+                  ephemeralId: update.ephemeralId,
+                  signature: update.signature,
+                  accountId: update.accountId,
                 });
+                const authorIdentity = await getUserIdentity(update.accountId);
+                if (authorIdentity.signaturePublicKey !== signer) {
+                  console.error(
+                    `Received invalid signature, recovered signer is ${signer},
+                    expected ${authorIdentity.signaturePublicKey}`,
+                  );
+                  return { valid: false, update: new Uint8Array([]) };
+                }
+                return {
+                  valid: true,
+                  update: Messages.decryptMessage({
+                    nonceAndCiphertext: update.update,
+                    secretKey: Utils.hexToBytes(keys[0].key),
+                  }),
+                };
               });
 
-              for (const update of updates) {
-                automergeDocHandle.update((existingDoc) => {
-                  const [newDoc] = automerge.applyChanges(existingDoc, [update]);
-                  return newDoc;
-                });
+              for (const updatePromise of updates) {
+                const update = await updatePromise;
+                if (update.valid) {
+                  automergeDocHandle.update((existingDoc) => {
+                    const [newDoc] = automerge.applyChanges(existingDoc, [update.update]);
+                    return newDoc;
+                  });
+                }
               }
 
               store.send({

packages/hypergraph/src/messages/signed-update-message.ts

@@ -1,9 +1,10 @@
 import { secp256k1 } from '@noble/curves/secp256k1';
-import { canonicalize, hexToBytes, stringToUint8Array } from '../utils/index.js';
+import { sha256 } from '@noble/hashes/sha256';
+import { bytesToHex, canonicalize, hexToBytes, stringToUint8Array } from '../utils/index.js';
 import { encryptMessage } from './encrypt-message.js';
 import type { RequestCreateUpdate } from './types.js';
 
-interface Params {
+interface SignedMessageParams {
   accountId: string;
   ephemeralId: string;
   spaceId: string;
@@ -12,14 +13,25 @@ interface Params {
   signaturePrivateKey: string;
 }
 
+interface RecoverParams {
+  update: Uint8Array;
+  spaceId: string;
+  ephemeralId: string;
+  signature: {
+    hex: string;
+    recovery: number;
+  };
+  accountId: string;
+}
+
 export const signedUpdateMessage = ({
   accountId,
   ephemeralId,
   spaceId,
   message,
   secretKey,
   signaturePrivateKey,
-}: Params): RequestCreateUpdate => {
+}: SignedMessageParams): RequestCreateUpdate => {
   const update = encryptMessage({
     message,
     secretKey: hexToBytes(secretKey),
@@ -34,7 +46,12 @@ export const signedUpdateMessage = ({
     }),
   );
 
-  const signature = secp256k1.sign(messageToSign, hexToBytes(signaturePrivateKey), { prehash: true }).toCompactHex();
+  const recoverySignature = secp256k1.sign(messageToSign, hexToBytes(signaturePrivateKey), { prehash: true });
+
+  const signature = {
+    hex: recoverySignature.toCompactHex(),
+    recovery: recoverySignature.recovery,
+  };
 
   return {
     type: 'create-update',
@@ -45,3 +62,17 @@ export const signedUpdateMessage = ({
     signature,
   };
 };
+
+export const recoverUpdateMessageSigner = ({ update, spaceId, ephemeralId, signature, accountId }: RecoverParams) => {
+  const recoveredSignature = secp256k1.Signature.fromCompact(signature.hex).addRecoveryBit(signature.recovery);
+  const signedMessage = stringToUint8Array(
+    canonicalize({
+      accountId,
+      ephemeralId,
+      update,
+      spaceId,
+    }),
+  );
+  const signedMessageHash = sha256(signedMessage);
+  return bytesToHex(recoveredSignature.recoverPublicKey(signedMessageHash).toRawBytes(true));
+};

packages/hypergraph/src/messages/types.ts

@@ -2,8 +2,20 @@ import * as Schema from 'effect/Schema';
 
 import { AcceptInvitationEvent, CreateInvitationEvent, CreateSpaceEvent, SpaceEvent } from '../space-events/index.js';
 
+export const SignatureWithRecovery = Schema.Struct({
+  hex: Schema.String,
+  recovery: Schema.Number,
+});
+
+export const SignedUpdate = Schema.Struct({
+  update: Schema.Uint8Array,
+  accountId: Schema.String,
+  signature: SignatureWithRecovery,
+  ephemeralId: Schema.String,
+});
+
 export const Updates = Schema.Struct({
-  updates: Schema.Array(Schema.Uint8Array),
+  updates: Schema.Array(SignedUpdate),
   firstUpdateClock: Schema.Number,
   lastUpdateClock: Schema.Number,
 });
@@ -87,7 +99,7 @@ export const RequestCreateUpdate = Schema.Struct({
   update: Schema.Uint8Array,
   spaceId: Schema.String,
   ephemeralId: Schema.String, // used to identify the confirmation message
-  signature: Schema.String,
+  signature: SignatureWithRecovery,
 });
 
 export const RequestMessage = Schema.Union(