From 5542492a328161b6d68dd0fad049a6d8762de452 Mon Sep 17 00:00:00 2001
From: Tulir Asokan
Date: Sun, 9 Jul 2023 18:39:05 +0300
Subject: [PATCH] Further simplify refresh request signing
---
 libgm/binary/messages.pb.go | 8 ++++----
 libgm/binary/raw/messages.proto | 2 +-
 libgm/client.go | 2 --
 libgm/crypto/signer.go | 19 ++++---------------
 libgm/payload/registerRefresh.go | 4 ++--
 5 files changed, 11 insertions(+), 24 deletions(-)
diff --git a/libgm/binary/messages.pb.go b/libgm/binary/messages.pb.go
index abfdf2f..479402c 100644
--- a/libgm/binary/messages.pb.go
+++ b/libgm/binary/messages.pb.go
@@ -202,7 +202,7 @@ type RegisterRefreshPayload struct { MessageAuth *AuthMessage `protobuf:"bytes,1,opt,name=messageAuth,proto3" json:"messageAuth,omitempty"` CurrBrowserDevice *Device `protobuf:"bytes,2,opt,name=currBrowserDevice,proto3" json:"currBrowserDevice,omitempty"` UnixTimestamp int64 `protobuf:"varint,3,opt,name=unixTimestamp,proto3" json:"unixTimestamp,omitempty"` - Signature string `protobuf:"bytes,4,opt,name=signature,proto3" json:"signature,omitempty"` + Signature []byte `protobuf:"bytes,4,opt,name=signature,proto3" json:"signature,omitempty"` EmptyRefreshArr *EmptyRefreshArr `protobuf:"bytes,13,opt,name=emptyRefreshArr,proto3" json:"emptyRefreshArr,omitempty"` MessageType int32 `protobuf:"varint,16,opt,name=messageType,proto3" json:"messageType,omitempty"` }
@@ -260,11 +260,11 @@ func (x *RegisterRefreshPayload) GetUnixTimestamp() int64 { return 0 } -func (x *RegisterRefreshPayload) GetSignature() string { +func (x *RegisterRefreshPayload) GetSignature() []byte { if x != nil { return x.Signature } - return "" + return nil } func (x *RegisterRefreshPayload) GetEmptyRefreshArr() *EmptyRefreshArr {
@@ -1481,7 +1481,7 @@ var file_messages_proto_rawDesc = []byte{ 0x0a, 0x0d, 0x75, 0x6e, 0x69, 0x78, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0d, 0x75, 0x6e, 0x69, 0x78, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, - 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, + 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x12, 0x43, 0x0a, 0x0f, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x52, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x41, 0x72, 0x72, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x73, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x52, 0x65, 0x66, 0x72,
diff --git a/libgm/binary/raw/messages.proto b/libgm/binary/raw/messages.proto
index 41064e8..f031977 100644
--- a/libgm/binary/raw/messages.proto
+++ b/libgm/binary/raw/messages.proto
@@ -7,7 +7,7 @@ message RegisterRefreshPayload {
 AuthMessage messageAuth = 1;
 Device currBrowserDevice = 2;
 int64 unixTimestamp = 3;
- string signature = 4;
+ bytes signature = 4;
 EmptyRefreshArr emptyRefreshArr = 13;
 int32 messageType = 16;
 }
diff --git a/libgm/client.go b/libgm/client.go
index fc64347..76f25e4 100644
--- a/libgm/client.go
+++ b/libgm/client.go
@@ -406,8 +406,6 @@ func (c *Client) refreshAuthToken() error {
 return fmt.Errorf("failed to refresh auth token: something happened")
 }
- c.Logger.Error().Any("expiry", resp.GetTokenData().GetValidFor()).Msg("TACHYON TOKEN VALID FOR")
-
 c.updateTachyonAuthToken(token)
 c.triggerEvent(events.NewAuthTokenRefreshed(token))
 return nil
diff --git a/libgm/crypto/signer.go b/libgm/crypto/signer.go
index 4d8bfdd..0ced517 100644
--- a/libgm/crypto/signer.go
+++ b/libgm/crypto/signer.go
@@ -4,27 +4,16 @@ import (
 "crypto/ecdsa"
 "crypto/rand"
 "crypto/sha256"
- "encoding/base64"
 "fmt"
 )
-func (t *JWK) SignRequest(requestId string, timestamp int64) (string, error) {
- signBytes := []byte(fmt.Sprintf("%s:%d", requestId, timestamp))
+func (t *JWK) SignRequest(requestID string, timestamp int64) ([]byte, error) {
+ signBytes := sha256.Sum256([]byte(fmt.Sprintf("%s:%d", requestID, timestamp)))
 privKey, privErr := t.GetPrivateKey()
 if privErr != nil {
- return "", privErr
+ return nil, privErr
 }
- signature, sigErr := t.sign(privKey, signBytes)
- if sigErr != nil {
- return "", sigErr
- }
- encodedSignature := base64.StdEncoding.EncodeToString(signature)
- return encodedSignature, nil
-}
-
-func (t *JWK) sign(key *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
- hash := sha256.Sum256(msg)
- return ecdsa.SignASN1(rand.Reader, key, hash[:])
+ return ecdsa.SignASN1(rand.Reader, privKey, signBytes[:])
 }
diff --git a/libgm/payload/registerRefresh.go b/libgm/payload/registerRefresh.go
index 5297122..ed26aef 100644
--- a/libgm/payload/registerRefresh.go
+++ b/libgm/payload/registerRefresh.go
@@ -7,10 +7,10 @@ import (
 "go.mau.fi/mautrix-gmessages/libgm/pblite"
 )
-func RegisterRefresh(sig string, requestId string, timestamp int64, browser *binary.Device, tachyonAuthToken []byte) ([]byte, error) {
+func RegisterRefresh(sig []byte, requestID string, timestamp int64, browser *binary.Device, tachyonAuthToken []byte) ([]byte, error) {
 payload := &binary.RegisterRefreshPayload{
 MessageAuth: &binary.AuthMessage{
- RequestID: requestId,
+ RequestID: requestID,
 TachyonAuthToken: tachyonAuthToken,
 ConfigVersion: ConfigMessage,
 },
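Review bot: In libgm/crypto/signer.go the exported `SignRequest` has no doc comment, and this change alters what it returns: the old code returned base64 text, the new code returns the raw ASN.1 DER bytes from `ecdsa.SignASN1`. I would state that on the function, e.g. `// SignRequest returns the ASN.1 DER ECDSA signature over SHA-256("<requestID>:<timestamp>"); the result is not base64-encoded.`, so a caller neither encodes it a second time nor drops it unencoded into a text field. The local `signBytes` now holds the 32-byte digest rather than the message to sign, so `digest := sha256.Sum256(...)` would read more accurately. The key-loading failure is returned bare; `return nil, fmt.Errorf("load signing key: %w", privErr)` would tell the caller which step failed.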
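Review bot: In libgm/payload/registerRefresh.go `RegisterRefresh` receives `sig` separately from the `requestID` and `timestamp` it was computed over, and nothing visible in this hunk ties the three together. A doc comment should record that contract, e.g. `// RegisterRefresh builds the refresh payload; sig must be the JWK.SignRequest output for this exact requestID and timestamp.` If the rest of the body does not already reject it, an early `if len(sig) == 0 { return nil, errors.New("empty signature") }` would keep an unsigned request from being serialized. The function body continues past the end of the hunk, so that check may already exist there.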