Fix/disableHashedFactorkey

src/mpcCoreKit.ts

@@ -323,6 +323,11 @@ export class Web3AuthMPCCoreKit implements ICoreKit {
     if (this.isNodejsOrRN(this.options.uxMode)) {
       throw CoreKitError.oauthLoginUnsupported(`Oauth login is NOT supported in ${this.options.uxMode} mode.`);
     }
+
+    if (this.state.factorKey) {
+      throw CoreKitError.oauthLoginUnsupported("Instance is alreay login or rehydrated");
+    }
+
     const { importTssKey, registerExistingSFAKey } = params;
     const tkeyServiceProvider = this.torusSp;
 
@@ -677,7 +682,7 @@ export class Web3AuthMPCCoreKit implements ICoreKit {
    */
   public getPubKey(): Buffer {
     const { tssPubKey } = this.state;
-    return Buffer.from(tssPubKey);
+    return tssPubKey;
   }
 
   /**
@@ -756,7 +761,7 @@ export class Web3AuthMPCCoreKit implements ICoreKit {
     }
 
     // Client lib expects pub key in XY-format, base64-encoded.
-    const tssPubKeyBase64 = Buffer.from(tssPubKey.toSEC1(secp256k1).subarray(1)).toString("base64");
+    const tssPubKeyBase64 = tssPubKey.toSEC1(secp256k1).subarray(1).toString("base64");
 
     const client = new Client(
       currentSession,
@@ -796,7 +801,7 @@ export class Web3AuthMPCCoreKit implements ICoreKit {
     this.wasmLib = await this.loadTssWasm();
     if (this.keyType === KeyType.secp256k1) {
       const sig = await this.sign_ECDSA_secp256k1(data, hashed, secp256k1Precompute);
-      return Buffer.concat([sig.r, sig.s, Buffer.from([sig.v])]);
+      return Buffer.concat([new Uint8Array(sig.r), new Uint8Array(sig.s), new Uint8Array([sig.v])]);
     } else if (this.keyType === KeyType.ed25519) {
       return this.sign_ed25519(data, hashed);
     }
@@ -892,6 +897,19 @@ export class Web3AuthMPCCoreKit implements ICoreKit {
       // manual call syncLocalMetadataTransitions() required to sync local transitions to storage
       await this.tKey._syncShareMetadata();
       await this.tKey.syncLocalMetadataTransitions();
+
+      if (this.sessionId) {
+        const payload: SessionData = {
+          postBoxKey: this.state.postBoxKey,
+          postboxKeyNodeIndexes: this.state.postboxKeyNodeIndexes || [],
+          factorKey: this.state.factorKey?.toString("hex"),
+          tssShareIndex: this.state.tssShareIndex as number,
+          tssPubKey: this.state.tssPubKey?.toString("hex"),
+          signatures: this.signatures,
+          userInfo: this.state.userInfo,
+        };
+        this.sessionManager.updateSession(payload);
+      }
     } catch (error: unknown) {
       log.error("sync metadata error", error);
       throw error;
@@ -1107,6 +1125,7 @@ export class Web3AuthMPCCoreKit implements ICoreKit {
           shareDescription: FactorKeyTypeShareDescription.Other,
           updateMetadata: false,
         });
+        await this.setDeviceFactor(factorKey);
       } else {
         await this.addFactorDescription({
           factorKey,
@@ -1199,8 +1218,16 @@ export class Web3AuthMPCCoreKit implements ICoreKit {
         signatures: result.signatures,
         userInfo: result.userInfo,
       });
+
+      // update device factor if not present upon rehydration
+      if (this.options.disableHashedFactorKey) {
+        const deviceFactorKey = await this.getDeviceFactor();
+        if (!deviceFactorKey && this.state.factorKey && this.state.tssShareIndex === TssShareType.DEVICE) {
+          await this.setDeviceFactor(this.state.factorKey);
+        }
+      }
     } catch (err) {
-      log.warn("failed to authorize session", err);
+      log.warn("failed to authorize session please use new", err);
     }
   }
 
@@ -1230,7 +1257,7 @@ export class Web3AuthMPCCoreKit implements ICoreKit {
         postboxKeyNodeIndexes: postboxKeyNodeIndexes || [],
         factorKey: factorKey?.toString("hex"),
         tssShareIndex: tssShareIndex as number,
-        tssPubKey: Buffer.from(tssPubKey).toString("hex"),
+        tssPubKey: tssPubKey.toString("hex"),
         signatures: this.signatures,
         userInfo,
       };
@@ -1507,7 +1534,7 @@ export class Web3AuthMPCCoreKit implements ICoreKit {
       clientXCoord,
       clientShareAdjustedHex,
       pubKeyHex,
-      data,
+      new Uint8Array(data),
       serverCoefficientsHex,
       this.socketTransports
     );

tests/ed25519.spec.ts

@@ -6,23 +6,27 @@ import { UX_MODE_TYPE } from "@toruslabs/customauth";
 import { tssLib } from "@toruslabs/tss-frost-lib";
 import BN from "bn.js";
 
-import { AsyncStorage, COREKIT_STATUS, ed25519, MemoryStorage, WEB3AUTH_NETWORK, WEB3AUTH_NETWORK_TYPE, Web3AuthMPCCoreKit } from "../src";
+import { AsyncStorage, COREKIT_STATUS, ed25519, MemoryStorage, TssShareType, WEB3AUTH_NETWORK, WEB3AUTH_NETWORK_TYPE, Web3AuthMPCCoreKit } from "../src";
 import { bufferToElliptic, criticalResetAccount, mockLogin, mockLogin2 } from "./setup";
 
 type TestVariable = {
   web3AuthNetwork: WEB3AUTH_NETWORK_TYPE;
   uxMode: UX_MODE_TYPE | "nodejs";
   manualSync?: boolean;
   email: string;
+  importedEmail: string
 };
 
-const defaultTestEmail = "testEmailForLoginEd25519";
+const defaultTestEmail = "testEmailForLoginEd25519-01";
+const importedEmail = "testEmailImportEd25519-01"
+
 const variable: TestVariable[] = [
-  { web3AuthNetwork: WEB3AUTH_NETWORK.DEVNET, uxMode: "nodejs", email: defaultTestEmail },
+  { web3AuthNetwork: WEB3AUTH_NETWORK.DEVNET, uxMode: "nodejs", email: defaultTestEmail, importedEmail },
   // { web3AuthNetwork: WEB3AUTH_NETWORK.MAINNET, uxMode: UX_MODE.REDIRECT, email: defaultTestEmail },
 
-  { web3AuthNetwork: WEB3AUTH_NETWORK.DEVNET, uxMode: "nodejs", manualSync: true, email: defaultTestEmail },
+  { web3AuthNetwork: WEB3AUTH_NETWORK.DEVNET, uxMode: "nodejs", manualSync: true, email: defaultTestEmail , importedEmail },
   // { web3AuthNetwork: WEB3AUTH_NETWORK.MAINNET, uxMode: UX_MODE.REDIRECT, manualSync: true, email: defaultTestEmail },
+
 ];
 
 const checkLogin = async (coreKitInstance: Web3AuthMPCCoreKit, accountIndex = 0) => {
@@ -39,7 +43,7 @@ const storageInstance = new MemoryStorage();
 
 variable.forEach((testVariable) => {
   const { web3AuthNetwork, uxMode, manualSync, email } = testVariable;
-  const newCoreKitInstance = () =>
+  const newCoreKitInstance = ( params: {disableSessionManager : boolean } = {disableSessionManager: true}) =>
     new Web3AuthMPCCoreKit({
       web3AuthClientId: "torus-key-test",
       web3AuthNetwork,
@@ -48,11 +52,12 @@ variable.forEach((testVariable) => {
       tssLib,
       storage: storageInstance,
       manualSync,
+      disableSessionManager: params.disableSessionManager
     });
 
-  async function resetAccount() {
+  async function resetAccount( resetEmail: string) {
     const resetInstance = newCoreKitInstance();
-    const { idToken, parsedToken } = await mockLogin(email);
+    const { idToken, parsedToken } = await mockLogin(resetEmail);
     await resetInstance.init({ handleRedirectResult: false, rehydrate: false });
     await resetInstance.loginWithJWT({
       verifier: "torus-test-health",
@@ -69,9 +74,11 @@ variable.forEach((testVariable) => {
   let checkTssShare: BN;
 
   test(`#Login Test with JWT + logout:  ${testNameSuffix}`, async (t) => {
-    await resetAccount();
+    await resetAccount(email);
+    await resetAccount(importedEmail);
+
     await t.test("#Login", async function () {
-      const coreKitInstance = newCoreKitInstance();
+      const coreKitInstance = newCoreKitInstance({disableSessionManager: false});
 
       // mocklogin
       const { idToken, parsedToken } = await mockLogin(email);
@@ -98,7 +105,7 @@ variable.forEach((testVariable) => {
     });
 
     await t.test("#relogin ", async function () {
-      const coreKitInstance = newCoreKitInstance();
+      const coreKitInstance = newCoreKitInstance({ disableSessionManager: false });
       // rehydrate
       await coreKitInstance.init({ handleRedirectResult: false });
       await checkLogin(coreKitInstance);
@@ -147,5 +154,39 @@ variable.forEach((testVariable) => {
       const valid = ed25519().verify(msgBuffer, signature, coreKitInstance.getPubKeyEd25519());
       assert(valid);
     });
+
+    await t.test("#able to export import", async function () {
+      const coreKitInstance = newCoreKitInstance();
+      await coreKitInstance.init({ handleRedirectResult: false, rehydrate: false });
+      const localToken = await mockLogin2(email);
+      await coreKitInstance.loginWithJWT({
+        verifier: "torus-test-health",
+        verifierId: email,
+        idToken: localToken.idToken,
+      });
+
+      await coreKitInstance.enableMFA({});
+      if (manualSync) {
+        await coreKitInstance.commitChanges();
+      }
+      const exportedSeed = await coreKitInstance._UNSAFE_exportTssEd25519Seed();
+
+      const coreKitInstance2 = newCoreKitInstance();
+      await coreKitInstance2.init({ handleRedirectResult: false, rehydrate: false });
+      const localToken2 = await mockLogin2(importedEmail);
+      await coreKitInstance2.loginWithJWT({
+        verifier: "torus-test-health",
+        verifierId: importedEmail,
+        idToken: localToken2.idToken,
+        importTssKey: exportedSeed.toString("hex"),
+      });
+
+      const exportedSeed2 = await coreKitInstance2._UNSAFE_exportTssEd25519Seed();
+
+      assert(exportedSeed.toString("hex") === (exportedSeed2.toString("hex")));
+    });
+
+
+
   });
 });

tests/factors.spec.ts

@@ -1,14 +1,15 @@
 import assert from "node:assert";
 import test from "node:test";
 
-import { EllipticPoint, Point } from "@tkey/common-types";
+import { EllipticPoint, KeyType, Point, secp256k1 } from "@tkey/common-types";
 import { factorKeyCurve } from "@tkey/tss";
 import { tssLib as tssLibDKLS } from "@toruslabs/tss-dkls-lib";
 import { tssLib as tssLibFROST } from "@toruslabs/tss-frost-lib";
 import BN from "bn.js";
 
-import { COREKIT_STATUS, IAsyncStorage, IStorage, MemoryStorage, TssLibType, TssShareType, WEB3AUTH_NETWORK, Web3AuthMPCCoreKit } from "../src";
+import { AsyncStorage, COREKIT_STATUS, ed25519, IAsyncStorage, IStorage, MemoryStorage, sigToRSV, TssLibType, TssShareType, WEB3AUTH_NETWORK, Web3AuthMPCCoreKit } from "../src";
 import { AsyncMemoryStorage, bufferToElliptic, criticalResetAccount, mockLogin } from "./setup";
+import { keccak256 } from "@toruslabs/metadata-helpers";
 
 type FactorTestVariable = {
   manualSync?: boolean;
@@ -28,6 +29,26 @@ function getPubKeys(kit: Web3AuthMPCCoreKit, indices: number[]): EllipticPoint[]
   return pubKeys;
 }
 
+async function signSecp256k1Data( params : { coreKitInstance: Web3AuthMPCCoreKit, msg: string, }) {
+  const {coreKitInstance, msg } = params
+  const msgBuffer1 = Buffer.from(msg);
+  const msgHash = keccak256(msgBuffer1);
+
+  const signature = sigToRSV(await coreKitInstance.sign(msgHash, true));
+
+  const pubkey = secp256k1.recoverPubKey(msgHash, signature, signature.v) as EllipticPoint;
+  const publicKeyPoint = bufferToElliptic(coreKitInstance.getPubKey());
+  assert(pubkey.eq(publicKeyPoint));
+}
+
+async function signEd25519Data(params: { coreKitInstance: Web3AuthMPCCoreKit, msg: string }) {
+  const { coreKitInstance, msg } = params;
+  const msgBuffer = Buffer.from(msg)
+  const signature = ed25519().makeSignature((await coreKitInstance.sign(msgBuffer)).toString("hex"));
+  const valid = ed25519().verify(msgBuffer, signature, coreKitInstance.getPubKeyEd25519());
+  assert(valid);
+}
+
 export const FactorManipulationTest = async (testVariable: FactorTestVariable) => {
   const { email, tssLib } = testVariable;
   const newInstance = async () => {
@@ -39,6 +60,7 @@ export const FactorManipulationTest = async (testVariable: FactorTestVariable) =
       tssLib: tssLib || tssLibDKLS,
       storage: testVariable.storage,
       manualSync: testVariable.manualSync,
+      disableSessionManager: true
     });
 
     const { idToken, parsedToken } = await mockLogin(email);
@@ -55,6 +77,7 @@ export const FactorManipulationTest = async (testVariable: FactorTestVariable) =
     const resetInstance = await newInstance();
     await criticalResetAccount(resetInstance);
     await resetInstance.logout();
+    await new AsyncStorage(resetInstance._storageKey, testVariable.storage).resetStore();
   }
 
   await test(`#Factor manipulation - manualSync ${testVariable.manualSync} `, async function (t) {
@@ -163,6 +186,7 @@ export const FactorManipulationTest = async (testVariable: FactorTestVariable) =
       // login with mfa factor
       await instance2.inputFactorKey(new BN(recoverFactor, "hex"));
       assert.strictEqual(instance2.status, COREKIT_STATUS.LOGGED_IN);
+
       await instance2.logout();
 
       // new instance
@@ -180,16 +204,24 @@ export const FactorManipulationTest = async (testVariable: FactorTestVariable) =
 
       await instance3.inputFactorKey(new BN(browserFactor, "hex"));
       assert.strictEqual(instance3.status, COREKIT_STATUS.LOGGED_IN);
+
+      if ( tssLib && tssLib.keyType === KeyType.ed25519) {
+        await signEd25519Data({ coreKitInstance: instance3, msg: "hello world" });
+      } else {
+        await signSecp256k1Data({ coreKitInstance: instance3, msg: "hello world" });
+      }
+
     });
+
   });
 };
 
 const variable: FactorTestVariable[] = [
-  { manualSync: true, storage: new MemoryStorage(), email: "testmail1012" },
-  { manualSync: false, storage: new MemoryStorage(), email: "testmail1013" },
+  { manualSync: true, storage: new MemoryStorage(), email: "testmail1012-1" },
+  { manualSync: false, storage: new MemoryStorage(), email: "testmail1013-1" },
 
-  { manualSync: true, storage: new AsyncMemoryStorage(), email: "testmail1014" },
-  { manualSync: false, storage: new AsyncMemoryStorage(), email: "testmail1015" },
+  { manualSync: true, storage: new AsyncMemoryStorage(), email: "testmail1014-1" },
+  { manualSync: false, storage: new AsyncMemoryStorage(), email: "testmail1015-1" },
 
   { manualSync: true, storage: new MemoryStorage(), email: "testmail1012ed25519", tssLib: tssLibFROST },
 ];