Skip to content

Commit

Permalink
feat(sdk-lib-mpc): support DKLS DKG primitives
Browse files Browse the repository at this point in the history
Ticket: HSM-267
  • Loading branch information
islamaminBitGo committed Feb 14, 2024
1 parent cabaec4 commit 4cb279a
Show file tree
Hide file tree
Showing 10 changed files with 541 additions and 134 deletions.
64 changes: 0 additions & 64 deletions modules/bitgo/test/v2/unit/internal/opengpgUtils.ts
Original file line number Diff line number Diff line change
Expand Up @@ -215,70 +215,6 @@ describe('OpenGPG Utils Tests', function () {
.should.be.rejectedWith('Error decrypting message: Session key decryption failed.');
});

it('should succeed on encryption with detached signature and decryption with verification', async function () {
const text = 'original message';

const signedMessage = await openpgpUtils.encryptAndDetachSignText(
text,
recipientKey.publicKey,
senderKey.privateKey
);
(
await openpgpUtils.decryptAndVerifySignedText(signedMessage, senderKey.publicKey, recipientKey.privateKey)
).should.equal(text);
});

it('should fail on encryption with detached signature and decryption with wrong private key', async function () {
const text = 'original message';

const signedMessage = await openpgpUtils.encryptAndDetachSignText(
text,
recipientKey.publicKey,
senderKey.privateKey
);
await openpgpUtils
.decryptAndVerifySignedText(signedMessage, senderKey.publicKey, otherKey.privateKey)
.should.be.rejectedWith('Error decrypting message: Session key decryption failed.');
});

it('should fail on encryption with detached signature and decryption verification with wrong sender public key', async function () {
const text = 'original message';

const signedMessage = await openpgpUtils.encryptAndDetachSignText(
text,
recipientKey.publicKey,
senderKey.privateKey
);
await openpgpUtils
.decryptAndVerifySignedText(signedMessage, otherKey.publicKey, recipientKey.privateKey)
.should.be.rejectedWith(
`Error decrypting message: Could not find signing key with key ID ${(
await openpgp.readKey({ armoredKey: senderKey.publicKey })
)
.getKeyID()
.toHex()}`
);
});

it('should fail on encryption with detached signature by unintended sender and decryption verification', async function () {
const text = 'original message';

const signedMessage = await openpgpUtils.encryptAndDetachSignText(
text,
recipientKey.publicKey,
otherKey.privateKey
);
await openpgpUtils
.decryptAndVerifySignedText(signedMessage, senderKey.publicKey, recipientKey.privateKey)
.should.be.rejectedWith(
`Error decrypting message: Could not find signing key with key ID ${(
await openpgp.readKey({ armoredKey: otherKey.publicKey })
)
.getKeyID()
.toHex()}`
);
});

it('should encrypt, sign, and decrypt without previously clearing rejectedCurves', async function () {
openpgp.config.rejectCurves = new Set([openpgp.enums.curve.secp256k1]);

Expand Down
69 changes: 0 additions & 69 deletions modules/sdk-core/src/bitgo/utils/opengpgUtils.ts
Original file line number Diff line number Diff line change
Expand Up @@ -309,75 +309,6 @@ export async function encryptText(text: string, key: Key): Promise<string> {
});
}

/**
* Encrypts and detach signs a string
* @param text string to encrypt and sign
* @param publicArmor public key to encrypt with
* @param privateArmor private key to sign with
*/
export async function encryptAndDetachSignText(
text: string,
publicArmor: string,
privateArmor: string
): Promise<AuthEncMessage> {
const publicKey = await readKey({ armoredKey: publicArmor });
const privateKey = await readPrivateKey({ armoredKey: privateArmor });
const message = await createMessage({ text });
const encryptedMessage = await encrypt({
message,
encryptionKeys: publicKey,
format: 'armored',
config: {
rejectCurves: new Set(),
showVersion: false,
showComment: false,
},
});
const signature = await sign({
message,
signingKeys: privateKey,
format: 'armored',
detached: true,
config: {
rejectCurves: new Set(),
showVersion: false,
showComment: false,
},
});
return {
encryptedMessage: encryptedMessage,
signature: signature,
};
}

/**
* Encrypts and detach signs a string
* @param text string to encrypt and sign
* @param publicArmor public key to verify signature with
* @param privateArmor private key to decrypt with
*/
export async function decryptAndVerifySignedText(
encryptedAndSignedMessage: AuthEncMessage,
publicArmor: string,
privateArmor: string
): Promise<string> {
const publicKey = await readKey({ armoredKey: publicArmor });
const privateKey = await readPrivateKey({ armoredKey: privateArmor });
const decryptedMessage = await decrypt({
message: await readMessage({ armoredMessage: encryptedAndSignedMessage.encryptedMessage }),
decryptionKeys: privateKey,
signature: await readSignature({ armoredSignature: encryptedAndSignedMessage.signature }),
verificationKeys: publicKey,
expectSigned: true,
config: {
rejectCurves: new Set(),
showVersion: false,
showComment: false,
},
});
return decryptedMessage.data;
}

/**
* Encrypts and signs a string
* @param text string to encrypt and sign
Expand Down
5 changes: 4 additions & 1 deletion modules/sdk-lib-mpc/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -38,11 +38,14 @@
"dependencies": {
"@noble/secp256k1": "1.6.3",
"@types/superagent": "4.1.15",
"@silencelaboratories/dkls-wasm-ll-node": "0.1.0",
"@wasmer/wasi": "^1.2.2",
"bigint-crypto-utils": "3.1.4",
"bigint-mod-arith": "3.1.2",
"libsodium-wrappers-sumo": "^0.7.9",
"paillier-bigint": "3.3.0"
"paillier-bigint": "3.3.0",
"cbor": "^9.0.1",
"openpgp": "5.10.1"
},
"devDependencies": {
"@types/lodash": "^4.14.151",
Expand Down
131 changes: 131 additions & 0 deletions modules/sdk-lib-mpc/src/tss/ecdsa-dkls/commsLayer.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,131 @@
import { SerializedMessages, AuthEncMessage, AuthEncMessages } from './types';
import * as pgp from 'openpgp';

/**
* Detach signs a binary and encodes it in base64
* @param data binary to encode in base64 and sign
* @param privateArmor private key to sign with
*/
export async function detachSignData(data: Buffer, privateArmor: string): Promise<AuthEncMessage> {
const message = await pgp.createMessage({ binary: data });
const privateKey = await pgp.readPrivateKey({ armoredKey: privateArmor });
const signature = await pgp.sign({
message,
signingKeys: privateKey,
format: 'armored',
detached: true,
config: {
rejectCurves: new Set(),
showVersion: false,
showComment: false,
},
});
return {
encryptedMessage: data.toString('base64'),
signature: signature,
};
}

/**
* Encrypts and detach signs a binary
* @param data binary to encrypt and sign
* @param publicArmor public key to encrypt with
* @param privateArmor private key to sign with
*/
export async function encryptAndDetachSignData(
data: Buffer,
publicArmor: string,
privateArmor: string
): Promise<AuthEncMessage> {
const message = await pgp.createMessage({ binary: data });
const publicKey = await pgp.readKey({ armoredKey: publicArmor });
const privateKey = await pgp.readPrivateKey({ armoredKey: privateArmor });
const encryptedMessage = await pgp.encrypt({
message,
encryptionKeys: publicKey,
format: 'armored',
config: {
rejectCurves: new Set(),
showVersion: false,
showComment: false,
},
});
const signature = await pgp.sign({
message,
signingKeys: privateKey,
format: 'armored',
detached: true,
config: {
rejectCurves: new Set(),
showVersion: false,
showComment: false,
},
});
return {
encryptedMessage: encryptedMessage,
signature: signature,
};
}

/**
* Decrypts and verifies signature on a binary
* @param encryptedAndSignedMessage message to decrypt and verify
* @param publicArmor public key to verify signature with
* @param privateArmor private key to decrypt with
*/
export async function decryptAndVerifySignedData(
encryptedAndSignedMessage: AuthEncMessage,
publicArmor: string,
privateArmor: string
): Promise<string> {
const publicKey = await pgp.readKey({ armoredKey: publicArmor });
const privateKey = await pgp.readPrivateKey({ armoredKey: privateArmor });
const decryptedMessage = await pgp.decrypt({
message: await pgp.readMessage({ armoredMessage: encryptedAndSignedMessage.encryptedMessage }),
decryptionKeys: [privateKey],
config: {
rejectCurves: new Set(),
showVersion: false,
showComment: false,
},
format: 'binary',
});
const verificationResult = await pgp.verify({
message: await pgp.createMessage({ binary: decryptedMessage.data }),
signature: await pgp.readSignature({ armoredSignature: encryptedAndSignedMessage.signature }),
verificationKeys: publicKey,
});
await verificationResult.signatures[0].verified;
return Buffer.from(decryptedMessage.data).toString('base64');
}

export async function encryptAndAuthOutgoingMessages(
messages: SerializedMessages,
pubEncryptionGpgKey: string,
prvAuthenticationGpgKey: string
): Promise<AuthEncMessages> {
return {
p2pMessages: await Promise.all(
messages.p2pMessages.map(async (m) => {
return {
to: m.to,
from: m.from,
payload: await encryptAndDetachSignData(
Buffer.from(m.payload, 'base64'),
pubEncryptionGpgKey,
prvAuthenticationGpgKey
),
commitment: m.commitment,
};
})
),
broadcastMessages: await Promise.all(
messages.broadcastMessages.map(async (m) => {
return {
from: m.from,
payload: await detachSignData(Buffer.from(m.payload, 'base64'), prvAuthenticationGpgKey),
};
})
),
};
}
Loading

0 comments on commit 4cb279a

Please sign in to comment.