Merge pull request #2 from MobileWalletProtocol/vishnu/url-encoding-fix

Encode encrypted URL params as hex string

Author: fan-zhang-sv

packages/client/package.json

@@ -15,7 +15,7 @@
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "sideEffects": false,
-  "repository": "https://github.com/MobileWalletProtocol/wallet-mobile-sdk.git",
+  "repository": "https://github.com/MobileWalletProtocol/react-native-client",
   "author": "Coinbase, Inc.",
   "license": "Apache-2.0",
   "scripts": {
@@ -77,4 +77,4 @@
     "tslib": "^2.6.0",
     "typescript": "^5.1.6"
   }
-}
+}

packages/client/src/components/communicator/webBased/Communicator.test.ts

@@ -1,6 +1,6 @@
 import * as WebBrowser from 'expo-web-browser';
 
-import { HashedContent } from './types';
+import { decodeResponseURLParams, encodeRequestURLParams } from './encoding';
 import { standardErrors } from ':core/error';
 import { MessageID, RPCRequestMessage, RPCResponseMessage } from ':core/message';
 
@@ -13,12 +13,8 @@ class WebBasedWalletCommunicatorClass {
   ): Promise<RPCResponseMessage> => {
     return new Promise((resolve, reject) => {
       // 1. generate request URL
-      const urlParams = new URLSearchParams();
-      Object.entries(request).forEach(([key, value]) => {
-        urlParams.append(key, JSON.stringify(value));
-      });
       const requestUrl = new URL(walletScheme);
-      requestUrl.search = urlParams.toString();
+      requestUrl.search = encodeRequestURLParams(request);
 
       // 2. save response
       this.responseHandlers.set(request.id, resolve);
@@ -43,22 +39,7 @@ class WebBasedWalletCommunicatorClass {
 
   handleResponse = (responseUrl: string): boolean => {
     const { searchParams } = new URL(responseUrl);
-    const parseParam = <T>(paramName: string) => {
-      return JSON.parse(searchParams.get(paramName) as string) as T;
-    };
-
-    const hashedContent = parseParam<HashedContent>('content');
-
-    // TODO: un-hash content
-    const content = hashedContent as RPCResponseMessage['content'];
-
-    const response: RPCResponseMessage = {
-      id: parseParam<MessageID>('id'),
-      sender: parseParam<string>('sender'),
-      requestId: parseParam<MessageID>('requestId'),
-      content,
-      timestamp: new Date(parseParam<string>('timestamp')),
-    };
+    const response = decodeResponseURLParams(searchParams);
 
     const handler = this.responseHandlers.get(response.requestId);
     if (handler) {

packages/client/src/components/communicator/webBased/Communicator.ts

@@ -0,0 +1,75 @@
+import { bytesToHex, hexToBytes } from '@noble/hashes/utils';
+
+import type { SerializedEthereumRpcError } from ':core/error';
+import type { MessageID, RPCRequestMessage, RPCResponseMessage } from ':core/message';
+
+type EncodedResponseContent =
+  | { failure: SerializedEthereumRpcError }
+  | {
+      encrypted: {
+        iv: string;
+        cipherText: string;
+      };
+    };
+
+export function decodeResponseURLParams(params: URLSearchParams): RPCResponseMessage {
+  const parseParam = <T>(paramName: string) => {
+    const encodedValue = params.get(paramName);
+    if (!encodedValue) throw new Error(`Missing parameter: ${paramName}`);
+    return JSON.parse(encodedValue) as T;
+  };
+
+  const contentParam = parseParam<EncodedResponseContent>('content');
+
+  let content: RPCResponseMessage['content'];
+  if ('failure' in contentParam) {
+    content = contentParam;
+  }
+
+  if ('encrypted' in contentParam) {
+    const { iv, cipherText } = contentParam.encrypted;
+    content = {
+      encrypted: {
+        iv: hexToBytes(iv),
+        cipherText: hexToBytes(cipherText),
+      },
+    };
+  }
+
+  return {
+    id: parseParam<MessageID>('id'),
+    sender: parseParam<string>('sender'),
+    requestId: parseParam<MessageID>('requestId'),
+    timestamp: new Date(parseParam<string>('timestamp')),
+    content: content!,
+  };
+}
+
+export function encodeRequestURLParams(request: RPCRequestMessage) {
+  const urlParams = new URLSearchParams();
+  const appendParam = (key: string, value: unknown) => {
+    urlParams.append(key, JSON.stringify(value));
+  };
+
+  appendParam('id', request.id);
+  appendParam('sender', request.sender);
+  appendParam('sdkVersion', request.sdkVersion);
+  appendParam('callbackUrl', request.callbackUrl);
+  appendParam('timestamp', request.timestamp);
+
+  if ('handshake' in request.content) {
+    appendParam('content', request.content);
+  }
+
+  if ('encrypted' in request.content) {
+    const encrypted = request.content.encrypted;
+    appendParam('content', {
+      encrypted: {
+        iv: bytesToHex(new Uint8Array(encrypted.iv)),
+        cipherText: bytesToHex(new Uint8Array(encrypted.cipherText)),
+      },
+    });
+  }
+
+  return urlParams.toString();
+}

packages/client/src/components/communicator/webBased/encoding.test.ts

@@ -289,14 +289,6 @@ describe('cipher', () => {
       _key: Uint8Array;
     };
 
-    function serializeAndDeserialize(obj: any): any {
-      Object.entries(obj).forEach(([key, value]) => {
-        obj[key] = JSON.parse(JSON.stringify(value));
-      });
-
-      return obj;
-    }
-
     beforeAll(async () => {
       const aliceKeyPair = await generateKeyPair();
       const bobKeyPair = await generateKeyPair();
@@ -315,9 +307,7 @@ describe('cipher', () => {
       expect(encrypted).toHaveProperty('iv');
       expect(encrypted).toHaveProperty('cipherText');
 
-      const transmittedContent = serializeAndDeserialize(encrypted);
-
-      const decrypted = await decryptContent<RPCRequest>(transmittedContent, sharedSecret);
+      const decrypted = await decryptContent<RPCRequest>(encrypted, sharedSecret);
       expect(decrypted).toEqual(request);
     });
 
@@ -332,9 +322,7 @@ describe('cipher', () => {
       expect(encrypted).toHaveProperty('iv');
       expect(encrypted).toHaveProperty('cipherText');
 
-      const transmittedContent = serializeAndDeserialize(encrypted);
-
-      const decrypted = await decryptContent<RPCResponse>(transmittedContent, sharedSecret);
+      const decrypted = await decryptContent<RPCResponse>(encrypted, sharedSecret);
       expect(decrypted).toEqual(response);
     });
 
@@ -352,16 +340,14 @@ describe('cipher', () => {
       expect(encrypted).toHaveProperty('iv');
       expect(encrypted).toHaveProperty('cipherText');
 
-      const transmittedContent = serializeAndDeserialize(encrypted);
-
-      const decrypted = await decryptContent<RPCResponse>(transmittedContent, sharedSecret);
+      const decrypted = await decryptContent<RPCResponse>(encrypted, sharedSecret);
       expect(decrypted).toEqual(errorResponse);
     });
 
     it('should throw an error when decrypting invalid data', async () => {
       const invalidEncryptedData = {
-        iv: { 0: 1, 1: 2, 2: 3 },
-        cipherText: { 0: 4, 1: 5, 2: 6 },
+        iv: new Uint8Array([1, 2, 3]),
+        cipherText: new Uint8Array([4, 5, 6]),
       };
 
       await expect(decryptContent(invalidEncryptedData, sharedSecret)).rejects.toThrow();

packages/client/src/components/communicator/webBased/encoding.ts

@@ -143,25 +143,12 @@ export async function encryptContent(
 
 export async function decryptContent<R extends RPCRequest | RPCResponse>(
   encryptedData: {
-    // TODO: this is temp
-    iv: unknown;
-    cipherText: unknown;
+    iv: Uint8Array;
+    cipherText: Uint8Array;
   },
   sharedSecret: CryptoKey
 ): Promise<R> {
-  function convertObjectToUint8Array(obj: Record<string, number>): Uint8Array {
-    const sortedValues = Object.entries(obj)
-      .sort(([a], [b]) => parseInt(a) - parseInt(b))
-      .map(([_, value]) => value);
-    return new Uint8Array(sortedValues);
-  }
-
-  return JSON.parse(
-    await decrypt(sharedSecret, {
-      iv: convertObjectToUint8Array(encryptedData.iv as Record<string, number>),
-      cipherText: convertObjectToUint8Array(encryptedData.cipherText as Record<string, number>),
-    })
-  );
+  return JSON.parse(await decrypt(sharedSecret, encryptedData));
 }
 
 function encodeLength(length: number): Uint8Array {