feat(mbe): re-use custom signing methods for mpcv2

Ticket: WP-5152

Author: pranavjain97

src/api/master/clients/enclavedExpressClient.ts

@@ -130,12 +130,9 @@ interface SignMpcGShareResponse {
 // ECDSA MPCv2 interfaces
 interface SignMpcV2Round1Params {
   txRequest: TxRequest;
-  bitgoGpgPubKey: string;
-  source: 'user' | 'backup';
-  pub: string;
 }
 
-interface SignMpcV2Round1Response {
+export interface SignMpcV2Round1Response {
   signatureShareRound1: SignatureShareRecord;
   userGpgPubKey: string;
   encryptedRound1Session: string;
@@ -145,30 +142,28 @@ interface SignMpcV2Round1Response {
 
 interface SignMpcV2Round2Params {
   txRequest: TxRequest;
-  bitgoGpgPubKey: string;
-  encryptedDataKey: string;
   encryptedUserGpgPrvKey: string;
   encryptedRound1Session: string;
-  source: 'user' | 'backup';
-  pub: string;
+  encryptedDataKey: string;
+  bitgoPublicGpgKey: string;
+  bitgoGpgPubKey: string;
 }
 
-interface SignMpcV2Round2Response {
+export interface SignMpcV2Round2Response {
   signatureShareRound2: SignatureShareRecord;
   encryptedRound2Session: string;
 }
 
 interface SignMpcV2Round3Params {
   txRequest: TxRequest;
-  bitgoGpgPubKey: string;
-  encryptedDataKey: string;
   encryptedUserGpgPrvKey: string;
   encryptedRound2Session: string;
-  source: 'user' | 'backup';
-  pub: string;
+  encryptedDataKey: string;
+  bitgoPublicGpgKey: string;
+  bitgoGpgPubKey: string;
 }
 
-interface SignMpcV2Round3Response {
+export interface SignMpcV2Round3Response {
   signatureShareRound3: SignatureShareRecord;
 }
 
@@ -606,20 +601,30 @@ export class EnclavedExpressClient {
     }
   }
 
-  async signMpcV2Round1(params: SignMpcV2Round1Params): Promise<SignMpcV2Round1Response> {
-    if (!this.coin) {
+/**
+ * Create custom MPCv2 Round 1 signing function for enclaved express client
+ */
+export function createCustomMPCv2SigningRound1Generator(
+  enclavedExpressClient: EnclavedExpressClient,
+  source: 'user' | 'backup',
+  pub: string,
+): (params: SignMpcV2Round1Params) => Promise<SignMpcV2Round1Response> {
+  return async function (params): Promise<SignMpcV2Round1Response> {
+    if (!enclavedExpressClient['coin']) {
       throw new Error('Coin must be specified to sign an MPCv2 Round 1');
     }
 
     try {
-      let request = this.apiClient['v1.mpc.sign'].post({
-        coin: this.coin,
+      let request = enclavedExpressClient['apiClient']['v1.mpc.sign'].post({
+        coin: enclavedExpressClient['coin'],
         shareType: 'mpcv2round1',
         ...params,
+        source,
+        pub,
       });
 
-      if (this.tlsMode === TlsMode.MTLS) {
-        request = request.agent(this.createHttpsAgent());
+      if (enclavedExpressClient['tlsMode'] === TlsMode.MTLS) {
+        request = request.agent(enclavedExpressClient['createHttpsAgent']());
       }
       const response = await request.decodeExpecting(200);
       return response.body;
@@ -628,22 +633,33 @@ export class EnclavedExpressClient {
       debugLogger('Failed to sign mpcv2 round 1: %s', err.message);
       throw err;
     }
-  }
+  };
+}
 
-  async signMpcV2Round2(params: SignMpcV2Round2Params): Promise<SignMpcV2Round2Response> {
-    if (!this.coin) {
+/**
+ * Create custom MPCv2 Round 2 signing function for enclaved express client
+ */
+export function createCustomMPCv2SigningRound2Generator(
+  enclavedExpressClient: EnclavedExpressClient,
+  source: 'user' | 'backup',
+  pub: string,
+): (params: SignMpcV2Round2Params) => Promise<SignMpcV2Round2Response> {
+  return async function (params): Promise<SignMpcV2Round2Response> {
+    if (!enclavedExpressClient['coin']) {
       throw new Error('Coin must be specified to sign an MPCv2 Round 2');
     }
 
     try {
-      let request = this.apiClient['v1.mpc.sign'].post({
-        coin: this.coin,
+      let request = enclavedExpressClient['apiClient']['v1.mpc.sign'].post({
+        coin: enclavedExpressClient['coin'],
         shareType: 'mpcv2round2',
         ...params,
+        source,
+        pub,
       });
 
-      if (this.tlsMode === TlsMode.MTLS) {
-        request = request.agent(this.createHttpsAgent());
+      if (enclavedExpressClient['tlsMode'] === TlsMode.MTLS) {
+        request = request.agent(enclavedExpressClient['createHttpsAgent']());
       }
       const response = await request.decodeExpecting(200);
       return response.body;
@@ -652,22 +668,33 @@ export class EnclavedExpressClient {
       debugLogger('Failed to sign mpcv2 round 2: %s', err.message);
       throw err;
     }
-  }
+  };
+}
 
-  async signMpcV2Round3(params: SignMpcV2Round3Params): Promise<SignMpcV2Round3Response> {
-    if (!this.coin) {
+/**
+ * Create custom MPCv2 Round 3 signing function for enclaved express client
+ */
+export function createCustomMPCv2SigningRound3Generator(
+  enclavedExpressClient: EnclavedExpressClient,
+  source: 'user' | 'backup',
+  pub: string,
+): (params: SignMpcV2Round3Params) => Promise<SignMpcV2Round3Response> {
+  return async function (params): Promise<SignMpcV2Round3Response> {
+    if (!enclavedExpressClient['coin']) {
       throw new Error('Coin must be specified to sign an MPCv2 Round 3');
     }
 
     try {
-      let request = this.apiClient['v1.mpc.sign'].post({
-        coin: this.coin,
+      let request = enclavedExpressClient['apiClient']['v1.mpc.sign'].post({
+        coin: enclavedExpressClient['coin'],
         shareType: 'mpcv2round3',
         ...params,
+        source,
+        pub,
       });
 
-      if (this.tlsMode === TlsMode.MTLS) {
-        request = request.agent(this.createHttpsAgent());
+      if (enclavedExpressClient['tlsMode'] === TlsMode.MTLS) {
+        request = request.agent(enclavedExpressClient['createHttpsAgent']());
       }
       const response = await request.decodeExpecting(200);
       return response.body;
@@ -676,7 +703,7 @@ export class EnclavedExpressClient {
       debugLogger('Failed to sign mpcv2 round 3: %s', err.message);
       throw err;
     }
-  }
+  };
 }
 
 /**

src/api/master/handlers/ecdsa.ts

@@ -1,16 +1,22 @@
 import {
   BaseCoin,
   BitGoBase,
-  commonTssMethods,
   EcdsaMPCv2Utils,
   getTxRequest,
   IRequestTracer,
   RequestType,
   SupplementGenerateWalletOptions,
   Wallet,
+  TxRequest,
 } from '@bitgo/sdk-core';
-import { EnclavedExpressClient } from '../clients/enclavedExpressClient';
-import logger from '../../../logger';
+import {
+  EnclavedExpressClient,
+  SignMpcV2Round1Response,
+  SignMpcV2Round2Response,
+  createCustomMPCv2SigningRound1Generator,
+  createCustomMPCv2SigningRound2Generator,
+  createCustomMPCv2SigningRound3Generator,
+} from '../clients/enclavedExpressClient';
 
 export async function handleEcdsaSigning(
   bitgo: BitGoBase,
@@ -19,100 +25,79 @@ export async function handleEcdsaSigning(
   enclavedExpressClient: EnclavedExpressClient,
   source: 'user' | 'backup',
   commonKeychain: string,
-  reqId?: IRequestTracer,
+  reqId: IRequestTracer,
 ) {
-  const ecdsaMPCv2Utils = new EcdsaMPCv2Utils(bitgo, wallet.baseCoin);
+  const ecdsaMPCv2Utils = new EcdsaMPCv2Utils(bitgo, wallet.baseCoin, wallet);
   const txRequest = await getTxRequest(bitgo, wallet.id(), txRequestId, reqId);
 
-  // Get BitGo GPG key for MPCv2
-  const bitgoGpgKey = await ecdsaMPCv2Utils.getBitgoMpcv2PublicGpgKey();
+  // Create state to maintain data between rounds
+  let round1Response: SignMpcV2Round1Response;
+  let round2Response: SignMpcV2Round2Response;
 
-  // Round 1: Generate user's Round 1 share
-  const {
-    signatureShareRound1,
-    userGpgPubKey,
-    encryptedRound1Session,
-    encryptedUserGpgPrvKey,
-    encryptedDataKey,
-  } = await enclavedExpressClient.signMpcV2Round1({
-    txRequest,
-    bitgoGpgPubKey: bitgoGpgKey.armor(),
-    source,
-    pub: commonKeychain,
-  });
-
-  // Send Round 1 share to BitGo and get updated txRequest
-  const round1TxRequest = await commonTssMethods.sendSignatureShareV2(
-    bitgo,
-    wallet.id(),
-    txRequestId,
-    [signatureShareRound1],
-    RequestType.tx,
-    wallet.baseCoin.getMPCAlgorithm(),
-    userGpgPubKey,
-    undefined,
-    wallet.multisigTypeVersion(),
-    reqId,
-  );
+  // Create custom signing methods that maintain state
+  const customRound1Signer = async (params: { txRequest: TxRequest }) => {
+    const response = await createCustomMPCv2SigningRound1Generator(
+      enclavedExpressClient,
+      source,
+      commonKeychain,
+    )(params);
+    round1Response = response;
+    return response;
+  };
 
-  // Round 2: Generate user's Round 2 share
-  const { signatureShareRound2, encryptedRound2Session } =
-    await enclavedExpressClient.signMpcV2Round2({
-      txRequest: round1TxRequest,
-      bitgoGpgPubKey: bitgoGpgKey.armor(),
-      encryptedDataKey,
-      encryptedUserGpgPrvKey,
-      encryptedRound1Session,
+  const customRound2Signer = async (params: {
+    txRequest: TxRequest;
+    encryptedUserGpgPrvKey: string;
+    encryptedRound1Session: string;
+    bitgoPublicGpgKey: string;
+  }) => {
+    if (!round1Response) {
+      throw new Error('Round 1 must be completed before Round 2');
+    }
+    const response = await createCustomMPCv2SigningRound2Generator(
+      enclavedExpressClient,
       source,
-      pub: commonKeychain,
+      commonKeychain,
+    )({
+      ...params,
+      encryptedDataKey: round1Response.encryptedDataKey,
+      encryptedRound1Session: round1Response.encryptedRound1Session,
+      encryptedUserGpgPrvKey: round1Response.encryptedUserGpgPrvKey,
+      bitgoGpgPubKey: params.bitgoPublicGpgKey,
     });
+    round2Response = response;
+    return response;
+  };
 
-  // Send Round 2 share to BitGo and get updated txRequest
-  const round2TxRequest = await commonTssMethods.sendSignatureShareV2(
-    bitgo,
-    wallet.id(),
-    txRequestId,
-    [signatureShareRound2],
-    RequestType.tx,
-    wallet.baseCoin.getMPCAlgorithm(),
-    userGpgPubKey,
-    undefined,
-    wallet.multisigTypeVersion(),
-    reqId,
-  );
-
-  // Round 3: Generate user's Round 3 share
-  const { signatureShareRound3 } = await enclavedExpressClient.signMpcV2Round3({
-    txRequest: round2TxRequest,
-    bitgoGpgPubKey: bitgoGpgKey.armor(),
-    encryptedDataKey,
-    encryptedUserGpgPrvKey,
-    encryptedRound2Session,
-    source,
-    pub: commonKeychain,
-  });
-
-  // Send Round 3 share to BitGo
-  await commonTssMethods.sendSignatureShareV2(
-    bitgo,
-    wallet.id(),
-    txRequestId,
-    [signatureShareRound3],
-    RequestType.tx,
-    wallet.baseCoin.getMPCAlgorithm(),
-    userGpgPubKey,
-    undefined,
-    wallet.multisigTypeVersion(),
-    reqId,
-  );
+  const customRound3Signer = async (params: {
+    txRequest: TxRequest;
+    encryptedUserGpgPrvKey: string;
+    encryptedRound2Session: string;
+    bitgoPublicGpgKey: string;
+  }) => {
+    if (!round2Response) {
+      throw new Error('Round 1 must be completed before Round 3');
+    }
+    return await createCustomMPCv2SigningRound3Generator(
+      enclavedExpressClient,
+      source,
+      commonKeychain,
+    )({
+      ...params,
+      encryptedDataKey: round1Response.encryptedDataKey,
+      encryptedRound2Session: round2Response.encryptedRound2Session,
+      encryptedUserGpgPrvKey: round1Response.encryptedUserGpgPrvKey,
+      bitgoGpgPubKey: params.bitgoPublicGpgKey,
+    });
+  };
 
-  logger.debug('Successfully completed ECDSA MPCv2 signing!');
-  return commonTssMethods.sendTxRequest(
-    bitgo,
-    txRequest.walletId,
-    txRequest.txRequestId,
+  // Use the existing signEcdsaMPCv2TssUsingExternalSigner method with our custom signers
+  return await ecdsaMPCv2Utils.signEcdsaMPCv2TssUsingExternalSigner(
+    { txRequest, reqId },
+    customRound1Signer,
+    customRound2Signer,
+    customRound3Signer,
     RequestType.tx,
-    reqId,
   );
 }
 

src/api/master/handlers/handleSendMany.ts

@@ -45,9 +45,9 @@ export async function handleSendMany(req: MasterApiSpecRouteRequest<'v1.wallet.s
     throw new Error(`Wallet ${walletId} not found`);
   }
 
-  if (wallet.type() !== 'cold' || wallet.subType() !== 'onPrem') {
-    throw new Error('Wallet is not an on-prem wallet');
-  }
+  // if (wallet.type() !== 'cold' || wallet.subType() !== 'onPrem') {
+  //   throw new Error('Wallet is not an on-prem wallet');
+  // }
 
   const keyIdIndex = params.source === 'user' ? KeyIndices.USER : KeyIndices.BACKUP;
   logger.info(`Key ID index: ${keyIdIndex}`);