Merge pull request #4380 from BitGo/WP-967/remove-openssl

feat(sdk-lib-mpc): use crypto module for safe prime

modules/sdk-core/src/account-lib/mpc/tss/ecdsa/rangeproof.ts

@@ -2,18 +2,9 @@
  * Zero Knowledge Range Proofs as described in (Two-party generation of DSA signatures)[1].
  * [1]: https://reitermk.github.io/papers/2004/IJIS.pdf
  */
-import { EcdsaRangeProof, randomPositiveCoPrimeTo } from '@bitgo/sdk-lib-mpc';
-
-const {
-  generateSafePrimes,
-  generateNtilde,
-  generateNtildeProof,
-  verifyNtildeProof,
-  prove,
-  proveWithCheck,
-  verify,
-  verifyWithCheck,
-} = EcdsaRangeProof;
+import { EcdsaRangeProof, randomPositiveCoPrimeTo, generateSafePrimes } from '@bitgo/sdk-lib-mpc';
+const { generateNtilde, generateNtildeProof, verifyNtildeProof, prove, proveWithCheck, verify, verifyWithCheck } =
+  EcdsaRangeProof;
 
 /**
  * @deprecated Use EcdsaRangeProof from sdk-lib-mpc instead

modules/sdk-core/src/index.ts

@@ -4,7 +4,6 @@ export * from './api';
 export * from './bitgo';
 export * from './bitgojsError';
 export * as coins from './coins';
-export * from './openssl';
 import { EddsaUtils } from './bitgo/utils/tss/eddsa/eddsa';
 export { EddsaUtils };
 import { EcdsaUtils } from './bitgo/utils/tss/ecdsa/ecdsa';

modules/sdk-lib-mpc/package.json

@@ -40,7 +40,6 @@
     "@silencelaboratories/dkls-wasm-ll-node": "1.0.1-pre.3",
     "@silencelaboratories/dkls-wasm-ll-web": "1.0.1-pre.3",
     "@types/superagent": "4.1.15",
-    "@wasmer/wasi": "^1.2.2",
     "bigint-crypto-utils": "3.1.4",
     "bigint-mod-arith": "3.1.2",
     "cbor": "^9.0.1",

modules/sdk-lib-mpc/src/index.ts

@@ -1,5 +1,5 @@
 export * from './curves';
-export * from './openssl';
+export * from './safePrime';
 export * from './shamir';
 export * from './tss';
 

modules/sdk-lib-mpc/src/safePrime.ts

@@ -0,0 +1,22 @@
+import { generatePrime } from 'crypto';
+
+export async function generateSafePrime(bitlength: number): Promise<bigint> {
+  return new Promise<bigint>((resolve, reject) => {
+    generatePrime(
+      bitlength,
+      {
+        safe: true,
+        bigint: true,
+      },
+      (err, prime) => {
+        if (err) {
+          reject(err);
+        }
+        resolve(prime);
+      }
+    );
+  });
+}
+export function generateSafePrimes(bitLengths: number[]): Promise<bigint[]> {
+  return Promise.all(bitLengths.map(generateSafePrime));
+}

modules/sdk-lib-mpc/src/tss/ecdsa/rangeproof.ts

@@ -16,21 +16,12 @@ import {
   DeserializedNtildeWithProofs,
 } from './types';
 import { bigIntFromBufferBE, bigIntToBufferBE, randomPositiveCoPrimeTo } from '../../util';
-import { OpenSSL } from '../../openssl';
 import { minModulusBitLength } from './index';
+import { generateSafePrimes } from '../../safePrime';
 
 // 128 as recommend by https://blog.verichains.io/p/vsa-2022-120-multichain-key-extraction.
 const ITERATIONS = 128;
 
-export async function generateSafePrimes(bitLengths: number[]): Promise<bigint[]> {
-  const openSSL = new OpenSSL();
-  await openSSL.init();
-  const promises: Promise<bigint>[] = bitLengths.map((bitlength: number) => {
-    return openSSL.generateSafePrime(bitlength);
-  });
-  return await Promise.all(promises);
-}
-
 async function generateModulus(bitlength = minModulusBitLength, retry = 10): Promise<RSAModulus> {
   if (bitlength < minModulusBitLength) {
     // https://www.keylength.com/en/6/

modules/sdk-lib-mpc/test/unit/tss/ecdsa/dlogproofs.ts

@@ -1,17 +1,12 @@
 import sinon from 'sinon';
-import {
-  generateNtilde,
-  generateNtildeProof,
-  generateSafePrimes,
-  verifyNtildeProof,
-} from '../../../../src/tss/ecdsa/rangeproof';
-import { OpenSSL } from '../../../../src';
+import { generateNtilde, generateNtildeProof, verifyNtildeProof } from '../../../../src/tss/ecdsa/rangeproof';
+import * as safePrimes from '../../../../src/safePrime';
 
 describe('h1H2DiscreteLogProofs', function () {
   let switchPrime = false;
   let safePrimeMock: sinon.SinonStub;
   before(async function () {
-    safePrimeMock = sinon.stub(OpenSSL.prototype, 'generateSafePrime').callsFake(async (bitlength: number) => {
+    safePrimeMock = sinon.stub(safePrimes, 'generateSafePrime').callsFake(async (bitlength: number) => {
       // Both primes below were generated using 'openssl prime -bits 256 -generate -safe'.
       if (switchPrime) {
         switchPrime = false;
@@ -44,7 +39,7 @@ describe('h1H2DiscreteLogProofs', function () {
     ).should.be.true();
   });
   it('catch h1 and h2 not being in the same group', async function () {
-    const [p, q] = await generateSafePrimes([257, 257]);
+    const [p, q] = [await safePrimes.generateSafePrime(257), await safePrimes.generateSafePrime(257)];
     const ntilde = p * q;
     const ntildeObj = {
       ntilde: ntilde,

modules/sdk-lib-mpc/test/unit/tss/ecdsa/rangeproof.ts

@@ -4,11 +4,11 @@ import { EcdsaRangeProof, EcdsaTypes } from '../../../../src/tss/ecdsa';
 import {
   randomPositiveCoPrimeTo,
   Secp256k1Curve,
-  OpenSSL,
   BaseCurve,
   bigIntToBufferBE,
   bigIntFromBufferBE,
 } from '../../../../src';
+import * as safePrimes from '../../../../src/safePrime';
 import { DeserializedNtilde, RangeProof } from '../../../../src/tss/ecdsa/types';
 import { modPow, randBetween } from 'bigint-crypto-utils';
 import { createHash } from 'crypto';
@@ -22,7 +22,7 @@ describe('MtA range proof', function () {
   let ntilde: EcdsaTypes.DeserializedNtilde;
 
   before('set up paillier and ntile', async function () {
-    safePrimeMock = sinon.stub(OpenSSL.prototype, 'generateSafePrime').callsFake(async (bitlength: number) => {
+    safePrimeMock = sinon.stub(safePrimes, 'generateSafePrime').callsFake(async (bitlength: number) => {
       // Both primes below were generated using 'openssl prime -bits 256 -generate -safe'.
       if (switchPrime) {
         switchPrime = false;

modules/sdk-lib-mpc/test/unit/tss/ecdsa/safePrime.ts

@@ -0,0 +1,18 @@
+import 'should';
+import { bitLength, isProbablyPrime } from 'bigint-crypto-utils';
+import { generateSafePrime } from '../../../../src';
+
+describe('safePrime', function () {
+  it('should generate a safe prime number of a certain bitLength', async function () {
+    const safePrime = await generateSafePrime(512);
+    bitLength(safePrime).should.equal(512);
+  });
+
+  it('should generate a safe prime number', async function () {
+    const safePrime = await generateSafePrime(512);
+    let isPrime = await isProbablyPrime(safePrime);
+    isPrime.should.be.true();
+    isPrime = await isProbablyPrime((safePrime - BigInt(1)) / BigInt(2));
+    isPrime.should.be.true();
+  });
+});

yarn.lock

@@ -5602,11 +5602,6 @@
   resolved "https://registry.npmjs.org/@vue/shared/-/shared-3.2.47.tgz"
   integrity sha512-BHGyyGN3Q97EZx0taMQ+OLNuZcW3d37ZEVmEAyeoA9ERdGvm9Irc/0Fua8SNyOtV1w6BS4q25wbMzJujO9HIfQ==
 
-"@wasmer/wasi@^1.2.2":
-  version "1.2.2"
-  resolved "https://registry.npmjs.org/@wasmer/wasi/-/wasi-1.2.2.tgz"
-  integrity sha512-39ZB3gefOVhBmkhf7Ta79RRSV/emIV8LhdvcWhP/MOZEjMmtzoZWMzt7phdKj8CUXOze+AwbvGK60lKaKldn1w==
-
 "@webassemblyjs/[email protected]":
   version "1.11.1"
   resolved "https://registry.npmjs.org/@webassemblyjs/ast/-/ast-1.11.1.tgz"