-
Notifications
You must be signed in to change notification settings - Fork 274
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(sdk-lib-mpc): support DKLS DKG primitives
Ticket: HSM-267
- Loading branch information
1 parent
cabaec4
commit 4cb279a
Showing
10 changed files
with
541 additions
and
134 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,131 @@ | ||
import { SerializedMessages, AuthEncMessage, AuthEncMessages } from './types'; | ||
import * as pgp from 'openpgp'; | ||
|
||
/** | ||
* Detach signs a binary and encodes it in base64 | ||
* @param data binary to encode in base64 and sign | ||
* @param privateArmor private key to sign with | ||
*/ | ||
export async function detachSignData(data: Buffer, privateArmor: string): Promise<AuthEncMessage> { | ||
const message = await pgp.createMessage({ binary: data }); | ||
const privateKey = await pgp.readPrivateKey({ armoredKey: privateArmor }); | ||
const signature = await pgp.sign({ | ||
message, | ||
signingKeys: privateKey, | ||
format: 'armored', | ||
detached: true, | ||
config: { | ||
rejectCurves: new Set(), | ||
showVersion: false, | ||
showComment: false, | ||
}, | ||
}); | ||
return { | ||
encryptedMessage: data.toString('base64'), | ||
signature: signature, | ||
}; | ||
} | ||
|
||
/** | ||
* Encrypts and detach signs a binary | ||
* @param data binary to encrypt and sign | ||
* @param publicArmor public key to encrypt with | ||
* @param privateArmor private key to sign with | ||
*/ | ||
export async function encryptAndDetachSignData( | ||
data: Buffer, | ||
publicArmor: string, | ||
privateArmor: string | ||
): Promise<AuthEncMessage> { | ||
const message = await pgp.createMessage({ binary: data }); | ||
const publicKey = await pgp.readKey({ armoredKey: publicArmor }); | ||
const privateKey = await pgp.readPrivateKey({ armoredKey: privateArmor }); | ||
const encryptedMessage = await pgp.encrypt({ | ||
message, | ||
encryptionKeys: publicKey, | ||
format: 'armored', | ||
config: { | ||
rejectCurves: new Set(), | ||
showVersion: false, | ||
showComment: false, | ||
}, | ||
}); | ||
const signature = await pgp.sign({ | ||
message, | ||
signingKeys: privateKey, | ||
format: 'armored', | ||
detached: true, | ||
config: { | ||
rejectCurves: new Set(), | ||
showVersion: false, | ||
showComment: false, | ||
}, | ||
}); | ||
return { | ||
encryptedMessage: encryptedMessage, | ||
signature: signature, | ||
}; | ||
} | ||
|
||
/** | ||
* Decrypts and verifies signature on a binary | ||
* @param encryptedAndSignedMessage message to decrypt and verify | ||
* @param publicArmor public key to verify signature with | ||
* @param privateArmor private key to decrypt with | ||
*/ | ||
export async function decryptAndVerifySignedData( | ||
encryptedAndSignedMessage: AuthEncMessage, | ||
publicArmor: string, | ||
privateArmor: string | ||
): Promise<string> { | ||
const publicKey = await pgp.readKey({ armoredKey: publicArmor }); | ||
const privateKey = await pgp.readPrivateKey({ armoredKey: privateArmor }); | ||
const decryptedMessage = await pgp.decrypt({ | ||
message: await pgp.readMessage({ armoredMessage: encryptedAndSignedMessage.encryptedMessage }), | ||
decryptionKeys: [privateKey], | ||
config: { | ||
rejectCurves: new Set(), | ||
showVersion: false, | ||
showComment: false, | ||
}, | ||
format: 'binary', | ||
}); | ||
const verificationResult = await pgp.verify({ | ||
message: await pgp.createMessage({ binary: decryptedMessage.data }), | ||
signature: await pgp.readSignature({ armoredSignature: encryptedAndSignedMessage.signature }), | ||
verificationKeys: publicKey, | ||
}); | ||
await verificationResult.signatures[0].verified; | ||
return Buffer.from(decryptedMessage.data).toString('base64'); | ||
} | ||
|
||
export async function encryptAndAuthOutgoingMessages( | ||
messages: SerializedMessages, | ||
pubEncryptionGpgKey: string, | ||
prvAuthenticationGpgKey: string | ||
): Promise<AuthEncMessages> { | ||
return { | ||
p2pMessages: await Promise.all( | ||
messages.p2pMessages.map(async (m) => { | ||
return { | ||
to: m.to, | ||
from: m.from, | ||
payload: await encryptAndDetachSignData( | ||
Buffer.from(m.payload, 'base64'), | ||
pubEncryptionGpgKey, | ||
prvAuthenticationGpgKey | ||
), | ||
commitment: m.commitment, | ||
}; | ||
}) | ||
), | ||
broadcastMessages: await Promise.all( | ||
messages.broadcastMessages.map(async (m) => { | ||
return { | ||
from: m.from, | ||
payload: await detachSignData(Buffer.from(m.payload, 'base64'), prvAuthenticationGpgKey), | ||
}; | ||
}) | ||
), | ||
}; | ||
} |
Oops, something went wrong.