Merge branch 'main' into beta

.github/workflows/buf.yml

@@ -12,6 +12,9 @@ jobs:
       - uses: actions/checkout@v2
       # Install the `buf` CLI
       - uses: bufbuild/buf-setup-action@v1
+        with:
+          github_token: ${{ github.token }}
+          buf_token: ${{ secrets.BUF_TOKEN }}
       # Push only the Input in `proto` to the BSR
       - uses: bufbuild/buf-push-action@v1
         with:

.gitignore

@@ -121,3 +121,4 @@ Package.resolved
 
 # Kotlin
 kotlin/lib/src/main
+kotlin/bin

.vscode/settings.json

@@ -6,5 +6,7 @@
   "[proto3]": {
     "editor.defaultFormatter": "bufbuild.vscode-buf",
     "editor.formatOnSave": true
-  }
+  },
+  // protolint complains if lines are longer than length 80, display a ruler
+  "editor.rulers": [80]
 }

proto/message_contents/ecies.proto

@@ -0,0 +1,15 @@
+// ECIES is a wrapper for ECIES payloads
+syntax = "proto3";
+
+package xmtp.message_contents;
+
+option go_package = "github.com/xmtp/proto/v3/go/message_contents";
+option java_package = "org.xmtp.proto.message.contents";
+
+// EciesMessage is a wrapper for ECIES encrypted payloads
+message EciesMessage {
+  oneof version {
+    // Expected to be an ECIES encrypted SignedPayload
+    bytes v1 = 1;
+  }
+}

proto/message_contents/signed_payload.proto

@@ -0,0 +1,15 @@
+// Signature is a generic structure for signed byte arrays
+syntax = "proto3";
+
+package xmtp.message_contents;
+
+import "message_contents/signature.proto";
+
+option go_package = "github.com/xmtp/proto/v3/go/message_contents";
+option java_package = "org.xmtp.proto.message.contents";
+
+// SignedPayload is a wrapper for a signature and a payload
+message SignedPayload {
+  bytes payload = 1;
+  Signature signature = 2;
+}

proto/v3/message_contents/association.proto

@@ -0,0 +1,32 @@
+// Association types
+syntax = "proto3";
+
+package xmtp.v3.message_contents;
+
+option go_package = "github.com/xmtp/proto/v3/go/v3/message_contents";
+option java_package = "org.xmtp.proto.v3.message.contents";
+
+// Allows for us to update the format of the association text without
+// incrementing the entire proto
+enum AssociationTextVersion {
+  ASSOCIATION_TEXT_VERSION_UNSPECIFIED = 0;
+  ASSOCIATION_TEXT_VERSION_1 = 1;
+}
+
+// EIP191Association is used for all EIP 191 compliant wallet signatures
+message Eip191Association {
+  AssociationTextVersion association_text_version = 1;
+  RecoverableEcdsaSignature signature = 2;
+  string wallet_address = 3;
+}
+
+// RecoverableEcdsaSignature
+message RecoverableEcdsaSignature {
+  // Includes recovery id as the last byte
+  bytes bytes = 1;
+}
+
+// EdDSA signature bytes matching RFC 8032
+message EdDsaSignature {
+  bytes bytes = 1;
+}

proto/v3/message_contents/invite.proto

@@ -0,0 +1,37 @@
+// V3 invite message structure
+syntax = "proto3";
+
+package xmtp.v3.message_contents;
+
+import "v3/message_contents/public_key.proto";
+
+option go_package = "github.com/xmtp/proto/v3/go/v3/message_contents";
+option java_package = "org.xmtp.proto.v3.message.contents";
+
+// InvitationV1 is the invitation message meant to be encrypted as
+// ciphertext in InvitationEnvelopeV1 and decrypted by the recipient using the
+// provided inviter `InstallationContactBundle`
+message InvitationV1 {
+  // If the inviter contact bundle has the same wallet address as the current
+  // user, the invitee is the other wallet address in the conversation. If the
+  // inviter contact bundle has a different wallet address, the invitee wallet
+  // address MUST be the wallet address of the recipient of the invite.
+  string invitee_wallet_address = 1;
+  // TODO: Decide whether we need a Context field
+}
+
+// InvitationEnvelopeV1 is the encrypted invitation message and the contact of
+// the sender
+message InvitationEnvelopeV1 {
+  // This contains the public key that will be used to decrypt the ciphertext
+  InstallationContactBundle inviter = 1;
+  // Corresponds to an InvitationV1 message
+  bytes ciphertext = 2;
+}
+
+// Wrapper message type
+message InvitationEnvelope {
+  oneof version {
+    InvitationEnvelopeV1 v1 = 1;
+  }
+}

proto/v3/message_contents/message.proto

@@ -0,0 +1,61 @@
+// Structure for messages in v3
+syntax = "proto3";
+
+package xmtp.v3.message_contents;
+
+import "v3/message_contents/association.proto";
+
+option go_package = "github.com/xmtp/proto/v3/go/v3/message_contents";
+option java_package = "org.xmtp.proto.v3.message.contents";
+
+// Metadata that is encrypted via SealedSender and only visible to the recipient
+// Currently we do not actually encrypt this, actual implementation of
+// SealedSender will be added shortly.
+message PadlockMessageSealedMetadata {
+  string sender_user_address = 1;
+  string sender_installation_id = 2;
+  string recipient_user_address = 3;
+  string recipient_installation_id = 4;
+  bool is_prekey_message = 5;
+}
+
+// Plaintext header included with messages, visible to all
+// Recipients can verify this header has not been tampered with.
+// Servers are unable to verify if the header has been tampered with.
+message PadlockMessageHeader {
+  uint64 sent_ns = 1;
+  bytes sealed_metadata = 2; // PadlockMessageSealedMetadata
+}
+
+// The version used for the decrypted padlock message payload
+enum PadlockMessagePayloadVersion {
+  PADLOCK_MESSAGE_PAYLOAD_VERSION_UNSPECIFIED = 0;
+  PADLOCK_MESSAGE_PAYLOAD_VERSION_ONE = 1;
+}
+
+// Encrypted body included with messages, only visible to recipients
+// When receiving a message:
+// 1. Decrypt the sealed metadata in the header via SealedSender
+// 2. Verify that you match the recipient_user_address and
+//    recipient_installation_id. Verify that the sender_installation_id matches
+//    the sender_user_address.
+// 2. Find the relevant session using the sender_user_address and
+//    sender_installation_id in the unsealed metadata
+// 3. Use the session to decrypt the payload
+// 4. Verify that the header_signature in the decrypted payload was produced by
+//    signing the header_bytes with the ed25519 key matching the
+//    sender_installation_id
+// 5. Verify that both the sender_user and recipient_user are partipants of the
+//    conversation referenced by convo_id
+message PadlockMessagePayload {
+  PadlockMessagePayloadVersion message_version = 1;
+  EdDsaSignature header_signature = 2; // Signs PadlockMessageHeader
+  string convo_id = 3;
+  bytes content_bytes = 4; // EncodedContent
+}
+
+// Combines the plaintext header with the encrypted payload
+message PadlockMessageEnvelope {
+  bytes header_bytes = 1; // PadlockMessageHeader
+  bytes ciphertext = 2; // Encrypted PadlockMessagePayload
+}

proto/v3/message_contents/public_key.proto

@@ -0,0 +1,75 @@
+// Structure for representing public keys of different types,
+// including signatures used to authenticate the keys.
+syntax = "proto3";
+
+package xmtp.v3.message_contents;
+
+import "v3/message_contents/association.proto";
+
+option go_package = "github.com/xmtp/proto/v3/go/v3/message_contents";
+option java_package = "org.xmtp.proto.v3.message.contents";
+
+// An unsigned public key used by libxmtp
+message VmacUnsignedPublicKey {
+  uint64 created_ns = 1;
+
+  oneof union {
+    VodozemacCurve25519 curve25519 = 2;
+  }
+
+  // A Vodozemac curve25519 key serialized via serde
+  // (https://github.com/matrix-org/vodozemac/blob/
+  // 929bbaf325686435bdd0ed0d0cc45b0cbad3430d/src/types/curve25519.rs#L100)
+  message VodozemacCurve25519 {
+    bytes bytes = 1;
+  }
+}
+
+// A key linked to an XMTP account (e.g. signed by a wallet)
+// The purpose of the key is encoded in the signature
+message VmacAccountLinkedKey {
+  VmacUnsignedPublicKey key = 1;
+  oneof association {
+    Eip191Association eip_191 = 2;
+  }
+}
+
+// A key linked to an installation (e.g. signed by an installation identity key)
+// The purpose of the key is encoded in the signature
+message VmacInstallationLinkedKey {
+  VmacUnsignedPublicKey key = 1;
+}
+
+// A bundle of one time keys uploaded by a client, to be used as
+// input to (X)3DH exchanges with it. The server is expected to serve
+// and delete one prekey to anyone who requests one.
+// In our initial prototype we will not actually use one-time prekeys,
+// defaulting to fallback keys.
+message VmacOneTimeKeyTopupBundle {
+  VmacAccountLinkedKey identity_key = 1;
+  repeated VmacInstallationLinkedKey one_time_keys = 2;
+}
+
+// A fallback key uploaded by a client, which replaces any existing
+// fallback key. The server is expected to serve this prekey when
+// all one-time prekeys have been exhausted.
+// In our initial prototype we will always use the fallback key in place
+// of any one-time prekeys.
+message VmacFallbackKeyRotation {
+  VmacAccountLinkedKey identity_key = 1;
+  VmacInstallationLinkedKey fallback_key = 2;
+}
+
+// A contact bundle served by the server to a requesting client
+message VmacInstallationPublicKeyBundleV1 {
+  VmacAccountLinkedKey identity_key = 1;
+  VmacInstallationLinkedKey fallback_key = 2;
+}
+
+// A wrapper for versions of the installation contact bundle to allow
+// upgradeability
+message InstallationContactBundle {
+  oneof version {
+    VmacInstallationPublicKeyBundleV1 v1 = 1;
+  }
+}