4nk/sdk_client
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: 4nk:e06917a5ac242a4a5c3e93bc44e92c99b8903217
Branches Tags
4nk:main
4nk:dev
4nk:docker-support-v2
4nk:docker-support
4nk:wasm_scanner
4nk:docker-fixes
4nk:remove_process_cache
4nk:master
4nk:cicd
4nk:fix_file_blob
4nk:temp
4nk:working-chat
4nk:get_update_proposals
4nk:v1.0.0
4nk:v0.1.3
4nk:v0.1.2
4nk:v0.1.1
...
compare: 4nk:cf31bad16822c2c044ba334d82d366318a0a8f08
Branches Tags
4nk:dev
4nk:docker-support-v2
4nk:docker-support
4nk:wasm_scanner
4nk:docker-fixes
4nk:remove_process_cache
4nk:master
4nk:cicd
4nk:fix_file_blob
4nk:temp
4nk:working-chat
4nk:get_update_proposals
4nk:main
4nk:v1.0.0
4nk:v0.1.3
4nk:v0.1.2
4nk:v0.1.1

2 Commits
e06917a5ac ... cf31bad168

Author SHA1 Message Date
Sosthene
cf31bad168 sender is pairing id not member addresses 2025-09-04 04:52:48 +02:00
Sosthene
d2842831cb Refactor prd connect logic 2025-09-04 04:52:22 +02:00
1 changed files with 48 additions and 49 deletions
Show Stats Expand all files Collapse all files

97
src/api.rs
View File

@ -247,6 +247,7 @@ impl Into<JsValue> for ApiError {
#[wasm_bindgen]
pub fn setup() {
wasm_logger::init(wasm_logger::Config::default());
log::debug!("Logging in wasm working");
}
#[wasm_bindgen]
@ -574,13 +575,11 @@ fn handle_transaction(
public_data: PublicKey,
) -> AnyhowResult<ApiReturn> {
let b_scan: SecretKey;
let local_member: Member;
let sp_wallet: SpClient;
{
let local_device = lock_local_device()?;
sp_wallet = local_device.get_sp_client().clone();
b_scan = local_device.get_sp_client().get_scan_key();
local_member = local_device.to_member();
}
// Basically a transaction that destroyed utxo is a transaction we sent.
@ -610,7 +609,7 @@ fn handle_transaction(
let secret_hash = AnkMessageHash::from_message(shared_secret.as_byte_array());
// We still don't know who sent it, so we reply with a `Connect` prd
let prd_connect = Prd::new_connect(local_member, secret_hash, None);
let prd_connect = Prd::new_connect(None, secret_hash, None);
let msg = prd_connect.to_network_msg(&sp_wallet)?;
@ -692,7 +691,7 @@ fn confirm_prd(prd: &Prd, shared_secret: &AnkSharedSecretHash) -> AnyhowResult<S
let outpoint = prd.process_id;
let local_device = lock_local_device()?;
let sender = local_device.to_member();
let sender = local_device.get_pairing_commitment().ok_or(anyhow::Error::msg("Device not paired"))?;
let prd_confirm = Prd::new_confirm(outpoint, sender, prd.pcd_commitments.clone());
@ -741,54 +740,64 @@ fn create_diffs(device: &MutexGuard<Device>, process: &Process, new_state: &Proc
Ok(diffs)
}
fn handle_prd_connect(prd: Prd, secret: AnkSharedSecretHash) -> AnyhowResult<ApiReturn> {
fn handle_prd_connect(prd: Prd, secret: AnkSharedSecretHash, members_list: &OutPointMemberMap) -> AnyhowResult<ApiReturn> {
let local_device = lock_local_device()?;
let local_member = local_device.to_member();
let local_address = local_device.get_address();
let sp_wallet = local_device.get_sp_client();
let secret_hash = AnkMessageHash::from_message(secret.as_byte_array());
let mut shared_secrets = lock_shared_secrets()?;
if let Some(prev_proof) = prd.validation_tokens.get(0) {
// We are receiving this as an answer to a prd connect we sent
if prd.proof.is_none() {
return Err(anyhow::Error::msg("Missing proof"));
}
// check that the proof is valid
prev_proof.verify()?;
// Check it's signed with our key
let local_address = SilentPaymentAddress::try_from(sp_wallet.get_receiving_address())?;
if prev_proof.get_key() != local_address.get_spend_key() {
return Err(anyhow::Error::msg("Previous proof of a prd connect isn't signed by us"));
}
// Check it signs a prd connect that contains the commitment to the shared secret
let empty_prd = Prd::new_connect(local_member, secret_hash, None);
let empty_prd = Prd::new_connect(None, secret_hash, None);
let msg = AnkMessageHash::from_message(empty_prd.to_string().as_bytes());
if *msg.as_byte_array() != prev_proof.get_message() {
return Err(anyhow::Error::msg("Previous proof signs another message"));
}
// Now we can confirm the secret and link it to an address
let proof = prd.proof.unwrap();
let actual_sender = prd.sender.get_address_for_key(&proof.get_key())
.ok_or(anyhow::Error::msg("Signer of the proof is not part of sender"))?;
shared_secrets.confirm_secret_for_address(secret, actual_sender.clone().try_into()?);
let mut secrets_return = SecretsStore::new();
secrets_return.confirm_secret_for_address(secret, actual_sender.try_into()?);
return Ok(ApiReturn {
secrets: Some(secrets_return),
..Default::default()
})
// If sender provided its pairing id we can confirm the secret and link it to an address
if prd.sender.is_some() {
let actual_sender = members_list.0.get(&prd.sender.unwrap()).ok_or(anyhow::Error::msg("Sender not found"))?.get_address_for_key(&prd.proof.unwrap().get_key())
.ok_or(anyhow::Error::msg("Signer of the proof is not part of sender"))?;
shared_secrets.confirm_secret_for_address(secret, actual_sender.clone().try_into()?);
let mut secrets_return = SecretsStore::new();
secrets_return.confirm_secret_for_address(secret, actual_sender.try_into()?);
return Ok(ApiReturn {
secrets: Some(secrets_return),
..Default::default()
})
} else {
// otherwise we can't confirm the secret so we just do nothing
return Ok(ApiReturn::default());
}
} else {
let proof = prd.proof.unwrap();
let actual_sender = prd.sender.get_address_for_key(&proof.get_key())
.ok_or(anyhow::Error::msg("Signer of the proof is not part of sender"))?;
// We sent a transaction to some address and they answer with a prd connect
if prd.proof.is_none() {
return Err(anyhow::Error::msg("Missing proof"));
}
shared_secrets.confirm_secret_for_address(secret, actual_sender.clone().try_into()?);
// TODO check that the key in the proof match what we have in the secret store
let mut secrets_return = SecretsStore::new();
secrets_return.confirm_secret_for_address(secret, actual_sender.try_into()?);
let sender = local_device.get_pairing_commitment();
let prd_connect = Prd::new_connect(local_member, secret_hash, prd.proof);
// We create a prd connect with their own proof in validation tokens so that they can be sure who they're sharing the secret with
let prd_connect = Prd::new_connect(sender, secret_hash, prd.proof);
let msg = prd_connect.to_network_msg(sp_wallet)?;
let cipher = encrypt_with_key(secret.as_byte_array(), msg.as_bytes())?;
return Ok(ApiReturn {
ciphers_to_send: vec![cipher.to_lower_hex_string()],
secrets: Some(secrets_return),
..Default::default()
})
}
@ -804,7 +813,7 @@ fn handle_prd(
// Connect is a bit different here because there's no associated process
// Let's handle that case separately
if prd.prd_type == PrdType::Connect {
return handle_prd_connect(prd, secret);
return handle_prd_connect(prd, secret, members_list);
}
let outpoint = prd.process_id;
@ -913,15 +922,8 @@ fn handle_prd(
PrdType::Request => {
// We are being requested encrypted data for one or more states, to be uploaded on storage
let states: Vec<[u8; 32]> = serde_json::from_str(&prd.payload)?;
let requester = if let Some((requester_process_id, _)) = members_list.0.iter()
.find(|(outpoint, member)| {
**member == prd.sender
})
{
requester_process_id
} else {
return Err(AnyhowError::msg("Unknown requester"));
};
let requester = prd.sender.ok_or(anyhow::Error::msg("Missing sender"))?;
// diffs will trigger upload of the encrypted data on storage
let mut diffs = vec![];
@ -957,8 +959,7 @@ fn handle_prd(
relevant_fields.extend(fields);
}
let sender: Member = local_device
.to_member();
let sender = local_device.get_pairing_commitment().ok_or(AnyhowError::msg("Device not paired"))?;
let mut full_prd = Prd::new_update(
outpoint,
@ -972,7 +973,7 @@ fn handle_prd(
full_prd.filter_keys(&relevant_fields);
let prd_msg = full_prd.to_network_msg(sp_wallet)?;
let addresses = prd.sender.get_addresses();
let addresses = members_list.0.get(&sender).ok_or(AnyhowError::msg("Unknown requester"))?.get_addresses();
for sp_address in addresses.into_iter() {
// We skip our own device address, no point sending ourself a cipher
if sp_address == local_address {
@ -1030,7 +1031,7 @@ fn handle_decrypted_message(
processes: &OutPointProcessMap
) -> anyhow::Result<ApiReturn> {
let local_address: SilentPaymentAddress = lock_local_device()?.get_address();
if let Ok(prd) = Prd::extract_from_message(&plain, local_address) {
if let Ok(prd) = Prd::extract_from_message(&plain, local_address, members_list) {
handle_prd(prd, secret, members_list, processes)
} else {
Err(anyhow::Error::msg("Failed to handle decrypted message"))
@ -1380,13 +1381,11 @@ pub fn request_data(process_id: String, state_ids_str: Vec<String>, roles: JsVal
return Err(ApiError::new("No valid state ids provided".to_owned()));
}
// TODO actually sort members that have data in common with us (even in different roles)
let mut send_to: HashSet<SilentPaymentAddress> = HashSet::new();
for role in roles {
for (_, role_def) in role {
let pairing_ids = &role_def.members;
if !pairing_ids.contains(&sender_pairing_id) {
continue;
}
for pairing_id in pairing_ids {
if let Some(member) = members_list.0.get(pairing_id) {
for address in member.get_addresses() {
@ -1400,7 +1399,7 @@ pub fn request_data(process_id: String, state_ids_str: Vec<String>, roles: JsVal
let prd_request = Prd::new_request(
process_id,
members_list.0.get(&sender_pairing_id).unwrap().clone(),
sender_pairing_id,
state_ids
);
@ -1470,8 +1469,7 @@ pub fn create_update_message(
}
}
let sender: Member = local_device
.to_member();
let sender: OutPoint = local_device.get_pairing_commitment().ok_or(AnyhowError::msg("Device not paired"))?;
let full_prd = Prd::new_update(
process_id,
@ -1641,8 +1639,9 @@ fn new_response_prd(process_id: OutPoint, update_state: &ProcessState, members_l
let proof = update_state.validation_tokens.iter().find(|t| t.get_key() == our_key)
.ok_or(AnyhowError::msg("We haven't added our validation token yet".to_owned()))?;
let sender: Member = local_device
.to_member();
let sender: OutPoint = local_device
.get_pairing_commitment()
.ok_or(AnyhowError::msg("Device not paired"))?;
let response_prd = Prd::new_response(
process_id,