fixup! add toncoin docs

nervosnetwork · Nov 23, 2023 · 593f723 · 593f723
1 parent a0f6c59
commit 593f723
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 8 deletions.
diff --git a/docs/auth.md b/docs/auth.md
@@ -154,7 +154,14 @@ Key parameters:
 - pubkey: 32 compressed pubkey.
 - pubkey hash: sha256 and ripemd160 of pubkey, refer to [ckb-auth-cli ripple parse](../tools/ckb-auth-cli/src/ripple.rs).
 
-...
+#### Toncoin (algorithm_id=16)
+The witness of a valid toncoin transaction should be a sequence of the following data.
+The whole length of the witness must be exactly 512. If there are any space left, pad it with zero.
+
+- size of the following data combined (little-endian `uint16_t`)
+- signature
+- public key
+- the message without prefix and payload
 
 ### Low Level APIs
 

diff --git a/docs/toncoin.md b/docs/toncoin.md
@@ -14,7 +14,10 @@ In order to sign CKB transactions with toncoin, we need to create
 with the wallet extension/app, which is an ed25519 signature to
 an message related to CKB transaction.
 
-Writing in pseudo-code, the signing process is
+We need to follow the instructions from [Signing and Verification | The Open Network](https://docs.ton.org/develop/dapps/ton-connect/sign),
+create an javascript application to talk to the browser extension and then ask the extension to create a valid ton_proof for the message `hex(sighash_all)` (i.e. the hex string of the result of [generate_sighash_all](https://github.com/nervosnetwork/ckb-auth/pull/22)).
+
+Under the hood, ton wallet extension would create a ed25519 signature as follows
 
 ```
 signature = Ed25519Sign(privkey, sha256(0xffff ++ utf8_encode("ton-connect") ++ sha256(message)))
@@ -32,7 +35,7 @@ Prefix = 18 bytes "ton-proof-item-v2/" string without trailing null
 Address = Big endian work chain (uint32) + address (32 bytes)
 AppDomain = Little endian domain length (uint32) + domain (string without trailling null)
 Timestamp = Epoch seconds Little endian uint64
-Payload = Arbitrary bytes, we use block hash here
+Payload = Arbitrary bytes, we use the result of applying sighash_all to the transaction here
 ```
 
 Below is a sample of `ton_proof` created by [Tonkeeper](https://tonkeeper.com/) to 
@@ -70,7 +73,7 @@ In this example, the message to be signed is
 where `message` is the concatenation of 
 
 ```
-746f6e2d70726f6f662d6974656d2d7632 (prefix "ton-proof-item-v2")
+746f6e2d70726f6f662d6974656d2d76322f (prefix "ton-proof-item-v2/")
 00000000 (work chain)
 a0b96c234f6dede6d56df40ca81315bb73c30d1a9d9f8fbc14d440c73ef6d510 (address)
 0a000000 (domain length)
@@ -79,18 +82,18 @@ b2be426500000000 (timestamp)
 payload 67656d73 (payload "gems")
 ```
 
-A valid CKB transaction is one valid `ton_proof` created with ckb block hash
-as payload.
+A valid CKB transaction is one valid `ton_proof` created with ckb sighash_all result as payload.
 
 # Required information for ckb-auth to verify the validity of `ton_proof`
 
 Ckb-auth requires the signature, public key and `message` structure above without payload
-(payload is assumed to be block hash in valid CKB transaction)
+(payload is assumed to be sighash_all result in valid CKB transaction)
 to verify the validity of the signature.
 
 Given the above `ton_proof` a valid transaction witness can be constructed as follows.
 
 Since the size of the witness is not static (as the message is dynamically-sized) and
 its length is relevant in computing transaction hash. We pad the whole witness to a memory region of size
 512. The first part of these memory region is a little-endian `uint16_t` integer represents the length of
-the effective witness. From there follows the signature and public key, finally the message without payload.
+the effective witness. From there follows the signature and public key, finally the message without prefix and payload,
+i.e. Address ++ AppDomain ++ Timestamp above.