refactor(ocapn): include id and descriptor in public key object

Author: kumavis

packages/ocapn/src/client/index.js

@@ -1,8 +1,8 @@
 // @ts-check
 
 /**
- * @import { OcapnLocation, OcapnPublicKeyData, OcapnSignature } from '../codecs/components.js'
- * @import { OcapnKeyPair, OcapnPublicKey } from '../cryptography.js'
+ * @import { OcapnLocation, OcapnSignature } from '../codecs/components.js'
+ * @import { OcapnPublicKey } from '../cryptography.js'
  * @import { GrantTracker, Ocapn } from './ocapn.js'
  * @import { Client, Connection, LocationId, Logger, NetLayer, PendingSession, SelfIdentity, Session, SessionManager } from './types.js'
  */
@@ -14,10 +14,8 @@ import {
   writeOcapnHandshakeMessage,
 } from '../codecs/operations.js';
 import {
-  makePublicKeyId,
   makeOcapnKeyPair,
   makeOcapnPublicKey,
-  publicKeyToPublicKeyData,
   makeSessionId,
 } from '../cryptography.js';
 import { OcapnMyLocationCodec } from '../codecs/components.js';
@@ -99,7 +97,7 @@ export const sendHello = (connection, mySessionData) => {
   const opStartSession = {
     type: 'op:start-session',
     captpVersion: '1.0',
-    sessionPublicKey: publicKeyToPublicKeyData(keyPair.publicKey),
+    sessionPublicKey: keyPair.publicKey.descriptor,
     location,
     locationSignature,
   };
@@ -119,8 +117,8 @@ const compareSessionKeysForCrossedHellos = (
   incommingPublicKey,
 ) => {
   const outgoingPublicKey = outgoingConnection.selfIdentity.keyPair.publicKey;
-  const outgoingId = makePublicKeyId(outgoingPublicKey);
-  const incommingId = makePublicKeyId(incommingPublicKey);
+  const outgoingId = outgoingPublicKey.id;
+  const incommingId = incommingPublicKey.id;
   const result = compareByteArrays(
     outgoingId,
     incommingId,
@@ -243,9 +241,10 @@ const handleSessionHandshakeMessage = (
 
       // Create session
       const { selfIdentity } = connection;
-      const selfId = makePublicKeyId(selfIdentity.keyPair.publicKey);
-      const peerId = makePublicKeyId(peerPublicKey);
-      const sessionId = makeSessionId(selfId, peerId);
+      const sessionId = makeSessionId(
+        selfIdentity.keyPair.publicKey.id,
+        peerPublicKey.id,
+      );
       const ocapn = makeOcapn(
         logger,
         connection,

packages/ocapn/src/client/ocapn.js

@@ -31,9 +31,7 @@ import { getSelectorName, makeSelector } from '../pass-style-helpers.js';
 import { decodeSyrup } from '../syrup/js-representation.js';
 import { decodeSwissnum, locationToLocationId, toHex } from './util.js';
 import {
-  makePublicKeyId,
-  publicKeyDataToPublicKey,
-  publicKeyToPublicKeyData,
+  publicKeyDescriptorToPublicKey,
   randomGiftId,
 } from '../cryptography.js';
 import { compareByteArrays } from '../syrup/compare.js';
@@ -608,14 +606,12 @@ export const makeTableKit = (
       const {
         peer: { publicKey: receiverPublicKeyForGifter },
       } = gifterReceiverSession;
-      const gifterSideId = makePublicKeyId(
-        gifterExporterSession.self.keyPair.publicKey,
-      );
+      const gifterSideId = gifterExporterSession.self.keyPair.publicKey.id;
       const giftId = randomGiftId();
       /** @type {HandoffGive} */
       const handoffGive = {
         type: 'desc:handoff-give',
-        receiverKey: publicKeyToPublicKeyData(receiverPublicKeyForGifter),
+        receiverKey: receiverPublicKeyForGifter.descriptor,
         exporterLocation,
         exporterSessionId: gifterExporterSessionId,
         gifterSideId,
@@ -721,7 +717,7 @@ const makeBootstrapObject = (
           `${label}: Bootstrap withdraw-gift: No peer public key for session id: ${toHex(sessionId)}. This should never happen.`,
         );
       }
-      const peerIdFromSession = makePublicKeyId(peerPublicKey);
+      const peerIdFromSession = peerPublicKey.id;
       if (
         compareByteArrays(peerIdFromSession, peerIdFromHandoffReceive) !== 0
       ) {
@@ -753,7 +749,7 @@ const makeBootstrapObject = (
 
       // Verify HandoffReceive
       const handoffReceiveBytes = serializeHandoffReceive(handoffReceive);
-      const receiverKeyForGifter = publicKeyDataToPublicKey(
+      const receiverKeyForGifter = publicKeyDescriptorToPublicKey(
         receiverKeyDataForGifter,
       );
       const handoffReceiveIsValid = receiverKeyForGifter.verify(
@@ -1098,9 +1094,7 @@ export const makeOcapn = (
           id: receiverExporterSessionId,
           self: { keyPair: receiverKeyForExporter },
         } = receiverExporterSession;
-        const receiverPeerIdForExporter = makePublicKeyId(
-          receiverKeyForExporter.publicKey,
-        );
+        const receiverPeerIdForExporter = receiverKeyForExporter.publicKey.id;
         const {
           self: { keyPair: receiverGifterKey },
         } = receiverGifterSession;

packages/ocapn/src/codecs/components.js

@@ -99,7 +99,7 @@ export const OcapnSignatureCodec = makeOcapnListComponentCodec(
 );
 
 /**
- * @typedef {object} OcapnPublicKeyData
+ * @typedef {object} OcapnPublicKeyDescriptor
  * @property {'public-key'} type
  * @property {'ecc'} scheme
  * @property {'Ed25519'} curve

packages/ocapn/src/codecs/descriptors.js

@@ -5,7 +5,7 @@
  * @import { SyrupCodec, SyrupRecordCodec, SyrupRecordUnionCodec } from '../syrup/codec.js'
  * @import { SyrupReader } from '../syrup/decode.js'
  * @import { SyrupWriter } from '../syrup/encode.js'
- * @import { OcapnLocation, OcapnPublicKeyData, OcapnSignature } from './components.js'
+ * @import { OcapnLocation, OcapnPublicKeyDescriptor, OcapnSignature } from './components.js'
  * @import { OcapnPublicKey, OcapnKeyPair } from '../cryptography.js'
  */
 
@@ -37,7 +37,7 @@ import { makeSyrupWriter } from '../syrup/encode.js';
 /**
  * @typedef {object} HandoffGive
  * @property {'desc:handoff-give'} type
- * @property {OcapnPublicKeyData} receiverKey
+ * @property {OcapnPublicKeyDescriptor} receiverKey
  * @property {OcapnLocation} exporterLocation
  * @property {Uint8Array} exporterSessionId
  * @property {Uint8Array} gifterSideId

packages/ocapn/src/cryptography.js

@@ -9,14 +9,16 @@ import { OcapnPublicKeyCodec } from './codecs/components.js';
 import { compareByteArrays } from './syrup/compare.js';
 
 /**
- * @import { OcapnPublicKeyData, OcapnSignature } from './codecs/components.js'
+ * @import { OcapnPublicKeyDescriptor, OcapnSignature } from './codecs/components.js'
  */
 
 const textEncoder = new TextEncoder();
 
 /**
  * @typedef {object} OcapnPublicKey
+ * @property {Uint8Array} id
  * @property {Uint8Array} bytes
+ * @property {OcapnPublicKeyDescriptor} descriptor
  * @property {(msg: Uint8Array, sig: OcapnSignature) => boolean} verify
  */
 
@@ -38,34 +40,71 @@ export const ocapNSignatureToBytes = sig => {
 };
 
 /**
- * @param {Uint8Array} publicKey
- * @returns {OcapnPublicKey}
+ * @param {Uint8Array} publicKeyBytes
+ * @returns {OcapnPublicKeyDescriptor}
  */
-export const makeOcapnPublicKey = publicKey => {
+const makePublicKeyDescriptor = publicKeyBytes => {
   return {
-    bytes: publicKey,
+    type: 'public-key',
+    scheme: 'ecc',
+    curve: 'Ed25519',
+    flags: 'eddsa',
+    q: publicKeyBytes,
+  };
+};
+
+/**
+ * @param {OcapnPublicKeyDescriptor} publicKeyDescriptor
+ * @returns {Uint8Array}
+ */
+const publicKeyDescriptorToEncodedBytes = publicKeyDescriptor => {
+  const syrupWriter = makeSyrupWriter();
+  OcapnPublicKeyCodec.write(publicKeyDescriptor, syrupWriter);
+  return syrupWriter.getBytes();
+};
+
+/**
+ * @param {OcapnPublicKeyDescriptor} publicKeyDescriptor
+ * @returns {Uint8Array}
+ */
+const makePublicKeyIdFromDescriptor = publicKeyDescriptor => {
+  const publicKeyEncoded =
+    publicKeyDescriptorToEncodedBytes(publicKeyDescriptor);
+  return sha256(sha256(publicKeyEncoded));
+};
+
+/**
+ * @param {Uint8Array} publicKeyBytes
+ * @returns {OcapnPublicKey}
+ */
+export const makeOcapnPublicKey = publicKeyBytes => {
+  const publicKeyDescriptor = makePublicKeyDescriptor(publicKeyBytes);
+  return harden({
+    id: makePublicKeyIdFromDescriptor(publicKeyDescriptor),
+    bytes: publicKeyBytes,
+    descriptor: publicKeyDescriptor,
     /**
      * @param {Uint8Array} msgBytes
      * @param {OcapnSignature} ocapnSig
      * @returns {boolean}
      */
     verify: (msgBytes, ocapnSig) => {
       const sigBytes = ocapNSignatureToBytes(ocapnSig);
-      return ed25519.verify(sigBytes, msgBytes, publicKey);
+      return ed25519.verify(sigBytes, msgBytes, publicKeyBytes);
     },
-  };
+  });
 };
 
 /**
  * @returns {OcapnKeyPair}
  */
 export const makeOcapnKeyPair = () => {
-  const privateKey = ed25519.utils.randomPrivateKey();
-  const publicKey = ed25519.getPublicKey(privateKey);
+  const privateKeyBytes = ed25519.utils.randomPrivateKey();
+  const publicKeyBytes = ed25519.getPublicKey(privateKeyBytes);
   return {
-    publicKey: makeOcapnPublicKey(publicKey),
+    publicKey: makeOcapnPublicKey(publicKeyBytes),
     sign: msg => {
-      const sigBytes = ed25519.sign(msg, privateKey);
+      const sigBytes = ed25519.sign(msg, privateKeyBytes);
       return {
         type: 'sig-val',
         scheme: 'eddsa',
@@ -77,46 +116,26 @@ export const makeOcapnKeyPair = () => {
 };
 
 /**
- * @param {OcapnPublicKey} publicKey
- * @returns {OcapnPublicKeyData}
- */
-export const publicKeyToPublicKeyData = publicKey => {
-  return {
-    type: 'public-key',
-    scheme: 'ecc',
-    curve: 'Ed25519',
-    flags: 'eddsa',
-    q: publicKey.bytes,
-  };
-};
-
-/**
- * @param {OcapnPublicKeyData} publicKeyData
+ * @param {OcapnPublicKeyDescriptor} publicKeyDescriptor
  * @returns {OcapnPublicKey}
  */
-export const publicKeyDataToPublicKey = publicKeyData => {
-  return makeOcapnPublicKey(publicKeyData.q);
-};
-
-/**
- * @param {OcapnPublicKeyData} publicKeyData
- * @returns {Uint8Array}
- */
-const publicKeyDataToEncodedBytes = publicKeyData => {
-  const syrupWriter = makeSyrupWriter();
-  OcapnPublicKeyCodec.write(publicKeyData, syrupWriter);
-  return syrupWriter.getBytes();
-};
-
-/**
- * @param {OcapnPublicKey} publicKey
- * @returns {Uint8Array}
- */
-export const makePublicKeyId = publicKey => {
-  const publicKeyData = publicKeyToPublicKeyData(publicKey);
-  const publicKeyEncoded = publicKeyDataToEncodedBytes(publicKeyData);
-  // Double SHA256 hash of the public key
-  return sha256(sha256(publicKeyEncoded));
+export const publicKeyDescriptorToPublicKey = publicKeyDescriptor => {
+  if (publicKeyDescriptor.type !== 'public-key') {
+    throw new Error('Invalid public key descriptor: Unexpected type');
+  }
+  if (publicKeyDescriptor.scheme !== 'ecc') {
+    throw new Error('Invalid public key descriptor: Unexpected scheme');
+  }
+  if (publicKeyDescriptor.curve !== 'Ed25519') {
+    throw new Error('Invalid public key descriptor: Unexpected curve');
+  }
+  if (publicKeyDescriptor.flags !== 'eddsa') {
+    throw new Error('Invalid public key descriptor: Unexpected flags');
+  }
+  if (publicKeyDescriptor.q.length !== 32) {
+    throw new Error('Invalid public key descriptor: Unexpected q length');
+  }
+  return makeOcapnPublicKey(publicKeyDescriptor.q);
 };
 
 /**
@@ -125,7 +144,6 @@ export const makePublicKeyId = publicKey => {
  * @returns {Uint8Array}
  */
 export const makeSessionId = (peerIdOne, peerIdTwo) => {
-  // Calculate the ID of each side using the process described above.
   // Sort both IDs based on the resulting octets
   const result = compareByteArrays(
     peerIdOne,

packages/ocapn/test/codecs/components.test.js

@@ -2,7 +2,7 @@
 
 /**
  * @import { CodecTestEntry } from './_codecs_util.js'
- * @import { OcapnLocation, OcapnPublicKeyData, OcapnSignature } from '../../src/codecs/components.js'
+ * @import { OcapnLocation, OcapnPublicKeyDescriptor, OcapnSignature } from '../../src/codecs/components.js'
  */
 
 import test from '@endo/ses-ava/test.js';
@@ -45,7 +45,7 @@ const table = [
   },
   {
     syrup: makePubKey(examplePubKeyQBytes),
-    value: /** @type {OcapnPublicKeyData} */ ({
+    value: /** @type {OcapnPublicKeyDescriptor} */ ({
       type: 'public-key',
       scheme: 'ecc',
       curve: 'Ed25519',