Support for is_sender verification for push notifications via HMAC

xmtp / libxmtp

LibXMTP is a shared library encapsulating the core functionality of the XMTP messaging protocol, such as cryptography, networking, and language bindings.

MIT License

47 stars 20 forks source link

Support for is_sender verification for push notifications via HMAC #422

Open neekolas opened 10 months ago

neekolas commented 10 months ago

Emulate the HMAC support currently for V2 Conversations for Groups.

[ ] Add a method to conversations to get all hmac keys client.conversations.getHmacKeys() that returns the proto GetConversationHmacKeysResponse
- [ ] The HMAC key is derived Hkdf.computeHkdf("HMACSHA256", secret, salt, info, 32) where the secret is the conversation key material
[ ] Build encoded messages that attach a HMAC key to each message sent
- [ ] See android here: https://github.com/xmtp/xmtp-android/blob/main/library/src/main/java/org/xmtp/android/library/messages/MessageV2.kt#L160-L164

### Tasks
- [ ] Add support to LibXMTP
- [ ] Add support to Android
- [ ] Add support to iOS
- [ ] Add support to RN
- [ ] Add support to the ExampleNotification server

nplasterer commented 7 months ago

We had a great conversation today about how this could be implemented and decided with a solution to derive a key from the user using private preferences. This will all take place in the SDK level and shouldn't include libxmtp changes.

The main take away is that this will not be a breaking change and this can be moved to a nice to have for group chat.

Tasks

rotate hmac keys on revocation of a installation
on add installation check to see if a hmac key exists and if not create one otherwise use the existing key
add a new private preference type to the protos
Derive the key from 30 days since epoch.
- Currently a topic to hmac key map — keep this but all V3 keys will be the same
- No hmac key per group. No real benefit.

richardhuaaa commented 6 months ago

More info about private preferences in V2, used to store consent state (whether a given conversation should be hidden or shown, e.g. if it is spam that we don't want): https://community.xmtp.org/t/xip-42-universal-allow-and-block-preferences/544

Private preferences are simply a way of synchronizing state for a user, regardless of how many apps/installations they log onto.

Protos: https://github.com/xmtp/proto/blob/680f80288dd62824018342342ecb40b0fae49f8d/proto/message_contents/private_preferences.proto#L16

nplasterer commented 3 months ago

We need to make sure the message history server backing this syncs automatically in instances where other installations are online.