Add sender HMAC to MessageV2

Package.resolved

@@ -41,8 +41,8 @@
       "kind" : "remoteSourceControl",
       "location" : "https://github.com/xmtp/libxmtp-swift",
       "state" : {
-        "branch" : "ccbf6ac",
-        "revision" : "ccbf6ac71b8c5a89c3078d8dc4057123bea8a291"
+        "branch" : "92274fe",
+        "revision" : "92274fe0dde1fc7f8f716ebcffa3d252813be56d"
       }
     },
     {

Sources/XMTPiOS/Codecs/AttachmentCodec.swift

@@ -59,4 +59,8 @@ public struct AttachmentCodec: ContentCodec {
     public func fallback(content: Attachment) throws -> String? {
         return "Can’t display “\(content.filename)”. This app doesn’t support attachments."
     }
+
+	public func shouldPush(content: Attachment) throws -> Bool {
+		return true
+	}
 }

Sources/XMTPiOS/Codecs/Composite.swift

@@ -45,6 +45,10 @@ struct CompositeCodec: ContentCodec {
     public func fallback(content: DecodedComposite) throws -> String? {
         return nil
     }
+
+	public func shouldPush(content: DecodedComposite) throws -> Bool {
+		return false
+	}
 
 	func toComposite(content decodedComposite: DecodedComposite) -> Composite {
 		var composite = Composite()

Sources/XMTPiOS/Codecs/ContentCodec.swift

@@ -72,6 +72,7 @@ public protocol ContentCodec: Hashable, Equatable {
 	func encode(content: T, client: Client) throws -> EncodedContent
 	func decode(content: EncodedContent, client: Client) throws -> T
 	func fallback(content: T) throws -> String?
+	func shouldPush(content: T) throws -> Bool
 }
 
 public extension ContentCodec {

Sources/XMTPiOS/Codecs/ReactionCodec.swift

@@ -97,4 +97,15 @@ public struct ReactionCodec: ContentCodec {
             return nil
         }
     }
+
+	public func shouldPush(content: Reaction) throws -> Bool {
+		switch content.action {
+		case .added:
+			return true
+		case .removed:
+			return false
+		case .unknown:
+			return false
+		}
+	}
 }

Sources/XMTPiOS/Codecs/ReadReceiptCodec.swift

@@ -36,4 +36,8 @@ public struct ReadReceiptCodec: ContentCodec {
     public func fallback(content: ReadReceipt) throws -> String? {
         return nil
     }
+
+	public func shouldPush(content: ReadReceipt) throws -> Bool {
+		return false
+	}
 }

Sources/XMTPiOS/Codecs/RemoteAttachmentCodec.swift

@@ -206,4 +206,8 @@ public struct RemoteAttachmentCodec: ContentCodec {
 
 		return Data(parameterData)
 	}
+
+	public func shouldPush(content: RemoteAttachment) throws -> Bool {
+		return true
+	}
 }

Sources/XMTPiOS/Codecs/ReplyCodec.swift

@@ -66,4 +66,8 @@ public struct ReplyCodec: ContentCodec {
     public func fallback(content: Reply) throws -> String? {
         return "Replied with “\(content.content)” to an earlier message"
     }
+
+	public func shouldPush(content: Reply) throws -> Bool {
+		return true
+	}
 }

Sources/XMTPiOS/Codecs/TextCodec.swift

@@ -46,4 +46,8 @@ public struct TextCodec: ContentCodec {
     public func fallback(content: String) throws -> String? {
         return nil
     }
+
+	public func shouldPush(content: String) throws -> Bool {
+		return true
+	}
 }

Sources/XMTPiOS/ConversationV2.swift

@@ -78,11 +78,14 @@ public struct ConversationV2 {
 	}
 
 	func prepareMessage(encodedContent: EncodedContent, options: SendOptions?) async throws -> PreparedMessage {
+		let codec = client.codecRegistry.find(for: options?.contentType)
+
 		let message = try await MessageV2.encode(
 			client: client,
 			content: encodedContent,
 			topic: topic,
-			keyMaterial: keyMaterial
+			keyMaterial: keyMaterial,
+			codec: codec
 		)
 
 		let topic = options?.ephemeral == true ? ephemeralTopic : topic
@@ -233,7 +236,8 @@ public struct ConversationV2 {
 			client: client,
 			content: content,
 			topic: topic,
-			keyMaterial: keyMaterial
+			keyMaterial: keyMaterial,
+			codec: codec
 		)
 
 		let envelope = Envelope(

Sources/XMTPiOS/Crypto.swift

@@ -8,7 +8,7 @@ import Foundation
 public typealias CipherText = Xmtp_MessageContents_Ciphertext
 
 enum CryptoError: Error {
-	case randomBytes, combinedPayload
+	case randomBytes, combinedPayload, keyDerivationError, hmacSignatureError
 }
 
 enum Crypto {
@@ -103,4 +103,42 @@ enum Crypto {
 			throw CryptoError.randomBytes
 		}
 	}
+
+	static func hkdfHmacKey(secret: Data, info: Data) throws -> SymmetricKey {
+		do {
+			let salt = try secureRandomBytes(count: 32)
+			let key = HKDF<SHA256>.deriveKey(
+				inputKeyMaterial: SymmetricKey(data: secret),
+				salt: salt,
+				info: info,
+				outputByteCount: 32)
+			return key
+		} catch {
+			throw CryptoError.keyDerivationError
+		}
+	}
+
+	static func generateHmacSignature(secret: Data, info: Data, message: Data) throws -> Data {
+		do {
+		  let key = try hkdfHmacKey(secret: secret, info: info)
+		  let signature = HMAC<SHA256>.authenticationCode(for: message, using: key)
+		  return Data(signature)
+	  } catch {
+		  throw CryptoError.hmacSignatureError
+	  }
+	}
+
+	static func exportHmacKey(key: SymmetricKey) -> Data {
+		var exportedData = Data(count: key.bitCount / 8)
+		exportedData.withUnsafeMutableBytes { buffer in
+			key.withUnsafeBytes { keyBuffer in
+				buffer.copyMemory(from: keyBuffer)
+			}
+		}
+		return exportedData
+	}
+
+	static func importHmacKey(keyData: Data) -> SymmetricKey {
+		return SymmetricKey(data: keyData)
+	}
 }

Sources/XMTPiOS/Messages/MessageV2.swift

@@ -12,14 +12,16 @@ import LibXMTP
 typealias MessageV2 = Xmtp_MessageContents_MessageV2
 
 enum MessageV2Error: Error {
-	case invalidSignature, decodeError(String)
+	case invalidSignature, decodeError(String), invalidData
 }
 
 extension MessageV2 {
-	init(headerBytes: Data, ciphertext: CipherText) {
+	init(headerBytes: Data, ciphertext: CipherText, senderHmac: Data, shouldPush: Bool) {
 		self.init()
 		self.headerBytes = headerBytes
 		self.ciphertext = ciphertext
+		self.senderHmac = senderHmac
+		self.shouldPush = shouldPush
 	}
 
 	static func decrypt(_ id: String, _ topic: String, _ message: MessageV2, keyMaterial: Data, client: Client) throws -> DecryptedMessage {
@@ -78,7 +80,7 @@ extension MessageV2 {
 		}
 	}
 
-	static func encode(client: Client, content encodedContent: EncodedContent, topic: String, keyMaterial: Data) async throws -> MessageV2 {
+	static func encode<Codec: ContentCodec>(client: Client, content encodedContent: EncodedContent, topic: String, keyMaterial: Data, codec: Codec) async throws -> MessageV2 {
 		let payload = try encodedContent.serializedData()
 
 		let date = Date()
@@ -95,10 +97,24 @@ extension MessageV2 {
 		let signedBytes = try signedContent.serializedData()
 
 		let ciphertext = try Crypto.encrypt(keyMaterial, signedBytes, additionalData: headerBytes)
+
+		let thirtyDayPeriodsSinceEpoch = Int(date.timeIntervalSince1970 / 60 / 60 / 24 / 30)
+		let info = "\(thirtyDayPeriodsSinceEpoch)-\(client.address)"
+		guard let infoEncoded = info.data(using: .utf8) else {
+			throw MessageV2Error.invalidData
+		}
+
+		let senderHmac = try Crypto.generateHmacSignature(secret: keyMaterial, info: infoEncoded, message: headerBytes)
+
+		let decoded = try codec.decode(content: encodedContent, client: client)
+		let shouldPush = try codec.shouldPush(content: decoded)
+
 
 		return MessageV2(
 			headerBytes: headerBytes,
-			ciphertext: ciphertext
+			ciphertext: ciphertext,
+			senderHmac: senderHmac,
+			shouldPush: shouldPush
 		)
 	}
 }