Merge pull request #101 from xmtp/xmtpv3

Merge V3 into main

.github/workflows/buf.yml

@@ -12,6 +12,9 @@ jobs:
       - uses: actions/checkout@v2
       # Install the `buf` CLI
       - uses: bufbuild/buf-setup-action@v1
+        with:
+          github_token: ${{ github.token }}
+          buf_token: ${{ secrets.BUF_TOKEN }}
       # Push only the Input in `proto` to the BSR
       - uses: bufbuild/buf-push-action@v1
         with:

.gitignore

@@ -121,3 +121,4 @@ Package.resolved
 
 # Kotlin
 kotlin/lib/src/main
+kotlin/bin

.vscode/settings.json

@@ -4,5 +4,7 @@
         "options": [
             "--proto_path=build/tmp/vendor",
         ]
-    }
-}
+    },
+    // protolint complains if lines are longer than length 80, display a ruler
+    "editor.rulers": [80]
+}

proto/message_contents/ecies.proto

@@ -0,0 +1,15 @@
+// ECIES is a wrapper for ECIES payloads
+syntax = "proto3";
+
+package xmtp.message_contents;
+
+option go_package = "github.com/xmtp/proto/v3/go/message_contents";
+option java_package = "org.xmtp.proto.message.contents";
+
+// EciesMessage is a wrapper for ECIES encrypted payloads
+message EciesMessage {
+    oneof version {
+        // Expected to be an ECIES encrypted SignedPayload
+        bytes v1 = 1;
+    }
+}

proto/message_contents/signed_payload.proto

@@ -0,0 +1,15 @@
+// Signature is a generic structure for signed byte arrays
+syntax = "proto3";
+
+package xmtp.message_contents;
+
+import "message_contents/signature.proto";
+
+option go_package = "github.com/xmtp/proto/v3/go/message_contents";
+option java_package = "org.xmtp.proto.message.contents";
+
+// SignedPayload is a wrapper for a signature and a payload
+message SignedPayload {
+    bytes payload = 1;
+    Signature signature = 2;
+}

proto/v3/message_contents/association.proto

@@ -0,0 +1,32 @@
+// Association types
+syntax = "proto3";
+
+package xmtp.v3.message_contents;
+
+option go_package = "github.com/xmtp/proto/v3/go/v3/message_contents";
+option java_package = "org.xmtp.proto.v3.message.contents";
+
+// Allows for us to update the format of the association text without
+// incrementing the entire proto
+enum AssociationTextVersion {
+    ASSOCIATION_TEXT_VERSION_UNSPECIFIED = 0;
+    ASSOCIATION_TEXT_VERSION_1 = 1;
+}
+
+// EIP191Association is used for all EIP 191 compliant wallet signatures
+message Eip191Association {
+    AssociationTextVersion association_text_version = 1;
+    RecoverableEcdsaSignature signature = 2;
+    string wallet_address = 3;
+}
+
+// RecoverableEcdsaSignature
+message RecoverableEcdsaSignature {
+    // Includes recovery id as the last byte
+    bytes bytes = 1;
+}
+
+// EdDSA signature bytes matching RFC 8032
+message EdDsaSignature {
+    bytes bytes = 1;
+}

proto/v3/message_contents/invite.proto

@@ -0,0 +1,37 @@
+// V3 invite message structure
+syntax = "proto3";
+
+package xmtp.v3.message_contents;
+
+import "v3/message_contents/public_key.proto";
+
+option go_package = "github.com/xmtp/proto/v3/go/v3/message_contents";
+option java_package = "org.xmtp.proto.v3.message.contents";
+
+// InvitationV1 is the invitation message meant to be encrypted as
+// ciphertext in InvitationEnvelopeV1 and decrypted by the recipient using the
+// provided inviter `InstallationContactBundle`
+message InvitationV1 {
+    // If the inviter contact bundle has the same wallet address as the current
+    // user, the invitee is the other wallet address in the conversation. If the
+    // inviter contact bundle has a different wallet address, the invitee wallet
+    // address MUST be the wallet address of the recipient of the invite.
+    string invitee_wallet_address = 1;
+    // TODO: Decide whether we need a Context field
+}
+
+// InvitationEnvelopeV1 is the encrypted invitation message and the contact of
+// the sender
+message InvitationEnvelopeV1 {
+    // This contains the public key that will be used to decrypt the ciphertext
+    InstallationContactBundle inviter = 1;
+    // Corresponds to an InvitationV1 message
+    bytes ciphertext = 2;
+}
+
+// Wrapper message type
+message InvitationEnvelope {
+    oneof version {
+        InvitationEnvelopeV1 v1 = 1;
+    }
+}

proto/v3/message_contents/message.proto

@@ -0,0 +1,61 @@
+// Structure for messages in v3
+syntax = "proto3";
+
+package xmtp.v3.message_contents;
+
+import "v3/message_contents/association.proto";
+
+option go_package = "github.com/xmtp/proto/v3/go/v3/message_contents";
+option java_package = "org.xmtp.proto.v3.message.contents";
+
+// Metadata that is encrypted via SealedSender and only visible to the recipient
+// Currently we do not actually encrypt this, actual implementation of
+// SealedSender will be added shortly.
+message PadlockMessageSealedMetadata {
+    string sender_user_address = 1;
+    string sender_installation_id = 2;
+    string recipient_user_address = 3;
+    string recipient_installation_id = 4;
+    bool is_prekey_message = 5;
+}
+
+// Plaintext header included with messages, visible to all
+// Recipients can verify this header has not been tampered with.
+// Servers are unable to verify if the header has been tampered with.
+message PadlockMessageHeader {
+    uint64 sent_ns = 1;
+    bytes sealed_metadata = 2;  // PadlockMessageSealedMetadata
+}
+
+// The version used for the decrypted padlock message payload
+enum PadlockMessagePayloadVersion {
+    PADLOCK_MESSAGE_PAYLOAD_VERSION_UNSPECIFIED = 0;
+    PADLOCK_MESSAGE_PAYLOAD_VERSION_ONE = 1;
+}
+
+// Encrypted body included with messages, only visible to recipients
+// When receiving a message:
+// 1. Decrypt the sealed metadata in the header via SealedSender
+// 2. Verify that you match the recipient_user_address and
+//    recipient_installation_id. Verify that the sender_installation_id matches
+//    the sender_user_address.
+// 2. Find the relevant session using the sender_user_address and
+//    sender_installation_id in the unsealed metadata
+// 3. Use the session to decrypt the payload
+// 4. Verify that the header_signature in the decrypted payload was produced by
+//    signing the header_bytes with the ed25519 key matching the
+//    sender_installation_id
+// 5. Verify that both the sender_user and recipient_user are partipants of the
+//    conversation referenced by convo_id
+message PadlockMessagePayload {
+    PadlockMessagePayloadVersion message_version = 1;
+    EdDsaSignature header_signature = 2;    // Signs PadlockMessageHeader
+    string convo_id = 3;
+    bytes content_bytes = 4;                // EncodedContent
+}
+
+// Combines the plaintext header with the encrypted payload
+message PadlockMessageEnvelope {
+    bytes header_bytes = 1;     // PadlockMessageHeader
+    bytes ciphertext = 2;       // Encrypted PadlockMessagePayload
+}