feat(backup & sync): use entropySourceId to sync accounts for Multi-SRP

packages/profile-sync-controller/src/controllers/authentication/AuthenticationController.ts

@@ -30,7 +30,8 @@ const controllerName = 'AuthenticationController';
 // State
 export type AuthenticationControllerState = {
   isSignedIn: boolean;
-  sessionData?: LoginResponse;
+  sessionData?: LoginResponse; // TODO: deprecate this
+  srpSessionData?: Record<string, LoginResponse>;
 };
 export const defaultState: AuthenticationControllerState = {
   isSignedIn: false,
@@ -44,6 +45,10 @@ const metadata: StateMetadata<AuthenticationControllerState> = {
     persist: true,
     anonymous: false,
   },
+  srpSessionData: {
+    persist: true,
+    anonymous: false,
+  },
 };
 
 // Messenger Actions
@@ -214,25 +219,52 @@ export default class AuthenticationController extends BaseController<
     );
   }
 
-  async #getLoginResponseFromState(): Promise<LoginResponse | null> {
+  async #getLoginResponseFromState(
+    entropySourceId?: string,
+  ): Promise<LoginResponse | null> {
+    if (entropySourceId) {
+      if (
+        !this.state.srpSessionData ||
+        !this.state.srpSessionData[entropySourceId]
+      ) {
+        return null;
+      }
+      return this.state.srpSessionData[entropySourceId];
+    }
     if (!this.state.sessionData) {
       return null;
     }
 
     return this.state.sessionData;
   }
 
-  async #setLoginResponseToState(loginResponse: LoginResponse) {
+  async #setLoginResponseToState(
+    loginResponse: LoginResponse,
+    entropySourceId?: string,
+  ) {
     const metaMetricsId = await this.#metametrics.getMetaMetricsId();
     this.update((state) => {
       state.isSignedIn = true;
-      state.sessionData = {
-        ...loginResponse,
-        profile: {
-          ...loginResponse.profile,
-          metaMetricsId,
-        },
-      };
+      if (entropySourceId) {
+        if (!state.srpSessionData) {
+          state.srpSessionData = {};
+        }
+        state.srpSessionData[entropySourceId] = {
+          ...loginResponse,
+          profile: {
+            ...loginResponse.profile,
+            metaMetricsId,
+          },
+        };
+      } else {
+        state.sessionData = {
+          ...loginResponse,
+          profile: {
+            ...loginResponse.profile,
+            metaMetricsId,
+          },
+        };
+      }
     });
   }
 
@@ -242,9 +274,9 @@ export default class AuthenticationController extends BaseController<
     }
   }
 
-  public async performSignIn(): Promise<string> {
+  public async performSignIn(entropySourceId?: string): Promise<string> {
     this.#assertIsUnlocked('performSignIn');
-    return await this.#auth.getAccessToken();
+    return await this.#auth.getAccessToken(entropySourceId);
   }
 
   public performSignOut(): void {
@@ -261,20 +293,24 @@ export default class AuthenticationController extends BaseController<
    * @returns profile for the session.
    */
 
-  public async getBearerToken(): Promise<string> {
+  public async getBearerToken(entropySourceId?: string): Promise<string> {
     this.#assertIsUnlocked('getBearerToken');
-    return await this.#auth.getAccessToken();
+    return await this.#auth.getAccessToken(entropySourceId);
   }
 
   /**
    * Will return a session profile.
    * Logs a user in if a user is not logged in.
    *
+   * @param entropySourceId - The entropy source ID used to derive the key,
+   * when multiple sources are available (Multi-SRP).
    * @returns profile for the session.
    */
-  public async getSessionProfile(): Promise<UserProfile> {
+  public async getSessionProfile(
+    entropySourceId?: string,
+  ): Promise<UserProfile> {
     this.#assertIsUnlocked('getSessionProfile');
-    return await this.#auth.getUserProfile();
+    return await this.#auth.getUserProfile(entropySourceId);
   }
 
   public isSignedIn(): boolean {
@@ -284,14 +320,16 @@ export default class AuthenticationController extends BaseController<
   /**
    * Returns the auth snap public key.
    *
+   * @param entropySourceId - The entropy source ID used to derive the key,
+   * when multiple sources are available (Multi-SRP).
    * @returns The snap public key.
    */
-  async #snapGetPublicKey(): Promise<string> {
+  async #snapGetPublicKey(entropySourceId?: string): Promise<string> {
     this.#assertIsUnlocked('#snapGetPublicKey');
 
     const result = (await this.messagingSystem.call(
       'SnapController:handleRequest',
-      createSnapPublicKeyRequest(),
+      createSnapPublicKeyRequest(entropySourceId),
     )) as string;
 
     return result;
@@ -303,9 +341,14 @@ export default class AuthenticationController extends BaseController<
    * Signs a specific message using an underlying auth snap.
    *
    * @param message - A specific tagged message to sign.
+   * @param entropySourceId - The entropy source ID used to derive the key,
+   * when multiple sources are available (Multi-SRP).
    * @returns A Signature created by the snap.
    */
-  async #snapSignMessage(message: string): Promise<string> {
+  async #snapSignMessage(
+    message: string,
+    entropySourceId?: string,
+  ): Promise<string> {
     assertMessageStartsWithMetamask(message);
 
     if (this.#_snapSignMessageCache[message]) {
@@ -316,7 +359,7 @@ export default class AuthenticationController extends BaseController<
 
     const result = (await this.messagingSystem.call(
       'SnapController:handleRequest',
-      createSnapSignMessageRequest(message),
+      createSnapSignMessageRequest(message, entropySourceId),
     )) as string;
 
     this.#_snapSignMessageCache[message] = result;

packages/profile-sync-controller/src/controllers/authentication/auth-snap-requests.ts

@@ -9,15 +9,20 @@ const snapId = 'npm:@metamask/message-signing-snap' as SnapId;
 /**
  * Constructs Request to Message Signing Snap to get Public Key
  *
+ * @param entropySourceId - The source of entropy to use for key generation,
+ * when multiple sources are available (Multi-SRP).
  * @returns Snap Public Key Request
  */
-export function createSnapPublicKeyRequest(): SnapRPCRequest {
+export function createSnapPublicKeyRequest(
+  entropySourceId?: string,
+): SnapRPCRequest {
   return {
     snapId,
     origin: 'metamask',
     handler: 'onRpcRequest' as any,
     request: {
       method: 'getPublicKey',
+      ...(entropySourceId ? { params: { entropySourceId } } : {}),
     },
   };
 }
@@ -26,18 +31,21 @@ export function createSnapPublicKeyRequest(): SnapRPCRequest {
  * Constructs Request to get Message Signing Snap to sign a message.
  *
  * @param message - message to sign
+ * @param entropySourceId - The source of entropy to use for key generation,
+ * when multiple sources are available (Multi-SRP).
  * @returns Snap Sign Message Request
  */
 export function createSnapSignMessageRequest(
   message: `metamask:${string}`,
+  entropySourceId?: string,
 ): SnapRPCRequest {
   return {
     snapId,
     origin: 'metamask',
     handler: 'onRpcRequest' as any,
     request: {
       method: 'signMessage',
-      params: { message },
+      params: { message, ...(entropySourceId ? { entropySourceId } : {}) },
     },
   };
 }

packages/profile-sync-controller/src/controllers/user-storage/UserStorageController.ts

@@ -359,17 +359,22 @@ export default class UserStorageController extends BaseController<
       {
         env: Env.PRD,
         auth: {
-          getAccessToken: () =>
+          getAccessToken: (entropySourceId?: string) =>
             this.messagingSystem.call(
               'AuthenticationController:getBearerToken',
+              entropySourceId,
             ),
-          getUserProfile: async () => {
+          getUserProfile: async (entropySourceId?: string) => {
             return await this.messagingSystem.call(
               'AuthenticationController:getSessionProfile',
+              entropySourceId,
             );
           },
-          signMessage: (message) =>
-            this.#snapSignMessage(message as `metamask:${string}`),
+          signMessage: (message: string, entropySourceId?: string) =>
+            this.#snapSignMessage(
+              message as `metamask:${string}`,
+              entropySourceId,
+            ),
         },
       },
       {
@@ -450,14 +455,17 @@ export default class UserStorageController extends BaseController<
    * Developers can extend the entry path and entry name through the `schema.ts` file.
    *
    * @param path - string in the form of `${feature}.${key}` that matches schema
+   * @param entropySourceId - The entropy source ID used to generate the encryption key.
    * @returns the decrypted string contents found from user storage (or null if not found)
    */
   public async performGetStorage(
     path: UserStoragePathWithFeatureAndKey,
+    entropySourceId?: string,
   ): Promise<string | null> {
     return await this.#userStorage.getItem(path, {
       nativeScryptCrypto: this.#nativeScryptCrypto,
       validateAgainstSchema: true,
+      entropySourceId,
     });
   }
 
@@ -466,14 +474,17 @@ export default class UserStorageController extends BaseController<
    * Developers can extend the entry path through the `schema.ts` file.
    *
    * @param path - string in the form of `${feature}` that matches schema
+   * @param entropySourceId - The entropy source ID used to generate the encryption key.
    * @returns the array of decrypted string contents found from user storage (or null if not found)
    */
   public async performGetStorageAllFeatureEntries(
     path: UserStoragePathWithFeatureOnly,
+    entropySourceId?: string,
   ): Promise<string[] | null> {
     return await this.#userStorage.getAllFeatureItems(path, {
       nativeScryptCrypto: this.#nativeScryptCrypto,
       validateAgainstSchema: true,
+      entropySourceId,
     });
   }
 
@@ -483,15 +494,18 @@ export default class UserStorageController extends BaseController<
    *
    * @param path - string in the form of `${feature}.${key}` that matches schema
    * @param value - The string data you want to store.
+   * @param entropySourceId - The entropy source ID used to generate the encryption key.
    * @returns nothing. NOTE that an error is thrown if fails to store data.
    */
   public async performSetStorage(
     path: UserStoragePathWithFeatureAndKey,
     value: string,
+    entropySourceId?: string,
   ): Promise<void> {
     return await this.#userStorage.setItem(path, value, {
       nativeScryptCrypto: this.#nativeScryptCrypto,
       validateAgainstSchema: true,
+      entropySourceId,
     });
   }
 
@@ -501,32 +515,38 @@ export default class UserStorageController extends BaseController<
    *
    * @param path - string in the form of `${feature}` that matches schema
    * @param values - data to store, in the form of an array of `[entryKey, entryValue]` pairs
+   * @param entropySourceId - The entropy source ID used to generate the encryption key.
    * @returns nothing. NOTE that an error is thrown if fails to store data.
    */
   public async performBatchSetStorage<
     FeatureName extends UserStoragePathWithFeatureOnly,
   >(
     path: FeatureName,
     values: [UserStorageFeatureKeys<FeatureName>, string][],
+    entropySourceId?: string,
   ): Promise<void> {
     return await this.#userStorage.batchSetItems(path, values, {
       nativeScryptCrypto: this.#nativeScryptCrypto,
       validateAgainstSchema: true,
+      entropySourceId,
     });
   }
 
   /**
    * Allows deletion of user data. Developers can extend the entry path and entry name through the `schema.ts` file.
    *
    * @param path - string in the form of `${feature}.${key}` that matches schema
+   * @param entropySourceId - The entropy source ID used to generate the encryption key.
    * @returns nothing. NOTE that an error is thrown if fails to delete data.
    */
   public async performDeleteStorage(
     path: UserStoragePathWithFeatureAndKey,
+    entropySourceId?: string,
   ): Promise<void> {
     return await this.#userStorage.deleteItem(path, {
       nativeScryptCrypto: this.#nativeScryptCrypto,
       validateAgainstSchema: true,
+      entropySourceId,
     });
   }
 
@@ -584,9 +604,15 @@ export default class UserStorageController extends BaseController<
    * Signs a specific message using an underlying auth snap.
    *
    * @param message - A specific tagged message to sign.
+   * @param entropySourceId - The entropy source ID used to derive the key,
+   * when multiple sources are available (Multi-SRP).
    * @returns A Signature created by the snap.
    */
-  async #snapSignMessage(message: `metamask:${string}`): Promise<string> {
+  async #snapSignMessage(
+    message: `metamask:${string}`,
+    entropySourceId?: string,
+  ): Promise<string> {
+    // the message is SRP specific already, so there's no need to use the entropySourceId in the cache
     if (this.#_snapSignMessageCache[message]) {
       return this.#_snapSignMessageCache[message];
     }
@@ -599,7 +625,7 @@ export default class UserStorageController extends BaseController<
 
     const result = (await this.messagingSystem.call(
       'SnapController:handleRequest',
-      createSnapSignMessageRequest(message),
+      createSnapSignMessageRequest(message, entropySourceId),
     )) as string;
 
     this.#_snapSignMessageCache[message] = result;