feat(mbe): add mpcv2 signing support for sendmany

Ticket: WP-5152

Author: pranavjain97

src/__tests__/api/master/ecdsa.test.ts

@@ -124,6 +124,51 @@ interface SignMpcGShareResponse {
   gShare: GShare;
 }
 
+// ECDSA MPCv2 interfaces
+interface SignMpcV2Round1Params {
+  txRequest: TxRequest;
+  bitgoGpgPubKey: string;
+  source: 'user' | 'backup';
+  pub: string;
+}
+
+interface SignMpcV2Round1Response {
+  signatureShareRound1: SignatureShareRecord;
+  userGpgPubKey: string;
+  encryptedRound1Session: string;
+  encryptedUserGpgPrvKey: string;
+  encryptedDataKey: string;
+}
+
+interface SignMpcV2Round2Params {
+  txRequest: TxRequest;
+  bitgoGpgPubKey: string;
+  encryptedDataKey: string;
+  encryptedUserGpgPrvKey: string;
+  encryptedRound1Session: string;
+  source: 'user' | 'backup';
+  pub: string;
+}
+
+interface SignMpcV2Round2Response {
+  signatureShareRound2: SignatureShareRecord;
+  encryptedRound2Session: string;
+}
+
+interface SignMpcV2Round3Params {
+  txRequest: TxRequest;
+  bitgoGpgPubKey: string;
+  encryptedDataKey: string;
+  encryptedUserGpgPrvKey: string;
+  encryptedRound2Session: string;
+  source: 'user' | 'backup';
+  pub: string;
+}
+
+interface SignMpcV2Round3Response {
+  signatureShareRound3: SignatureShareRecord;
+}
+
 export class EnclavedExpressClient {
   private readonly baseUrl: string;
   private readonly enclavedExpressCert: string;
@@ -456,6 +501,78 @@ export class EnclavedExpressClient {
       throw err;
     }
   }
+
+  async signMpcV2Round1(params: SignMpcV2Round1Params): Promise<SignMpcV2Round1Response> {
+    if (!this.coin) {
+      throw new Error('Coin must be specified to sign an MPCv2 Round 1');
+    }
+
+    try {
+      let request = this.apiClient['v1.mpc.sign'].post({
+        coin: this.coin,
+        shareType: 'mpcv2round1',
+        ...params,
+      });
+
+      if (this.tlsMode === TlsMode.MTLS) {
+        request = request.agent(this.createHttpsAgent());
+      }
+      const response = await request.decodeExpecting(200);
+      return response.body;
+    } catch (error) {
+      const err = error as Error;
+      debugLogger('Failed to sign mpcv2 round 1: %s', err.message);
+      throw err;
+    }
+  }
+
+  async signMpcV2Round2(params: SignMpcV2Round2Params): Promise<SignMpcV2Round2Response> {
+    if (!this.coin) {
+      throw new Error('Coin must be specified to sign an MPCv2 Round 2');
+    }
+
+    try {
+      let request = this.apiClient['v1.mpc.sign'].post({
+        coin: this.coin,
+        shareType: 'mpcv2round2',
+        ...params,
+      });
+
+      if (this.tlsMode === TlsMode.MTLS) {
+        request = request.agent(this.createHttpsAgent());
+      }
+      const response = await request.decodeExpecting(200);
+      return response.body;
+    } catch (error) {
+      const err = error as Error;
+      debugLogger('Failed to sign mpcv2 round 2: %s', err.message);
+      throw err;
+    }
+  }
+
+  async signMpcV2Round3(params: SignMpcV2Round3Params): Promise<SignMpcV2Round3Response> {
+    if (!this.coin) {
+      throw new Error('Coin must be specified to sign an MPCv2 Round 3');
+    }
+
+    try {
+      let request = this.apiClient['v1.mpc.sign'].post({
+        coin: this.coin,
+        shareType: 'mpcv2round3',
+        ...params,
+      });
+
+      if (this.tlsMode === TlsMode.MTLS) {
+        request = request.agent(this.createHttpsAgent());
+      }
+      const response = await request.decodeExpecting(200);
+      return response.body;
+    } catch (error) {
+      const err = error as Error;
+      debugLogger('Failed to sign mpcv2 round 3: %s', err.message);
+      throw err;
+    }
+  }
 }
 
 /**

src/api/master/clients/enclavedExpressClient.ts

@@ -0,0 +1,126 @@
+import {
+  BitGoBase,
+  getTxRequest,
+  Wallet,
+  TxRequest,
+  IRequestTracer,
+  EcdsaMPCv2Utils,
+  commonTssMethods,
+  RequestType,
+} from '@bitgo/sdk-core';
+import { EnclavedExpressClient } from '../clients/enclavedExpressClient';
+import logger from '../../../logger';
+import { sendTxRequest } from '@bitgo/sdk-core/dist/src/bitgo/tss/common';
+
+export async function handleEcdsaSigning(
+  bitgo: BitGoBase,
+  wallet: Wallet,
+  txRequest: string | TxRequest,
+  enclavedExpressClient: EnclavedExpressClient,
+  source: 'user' | 'backup',
+  commonKeychain: string,
+  reqId?: IRequestTracer,
+) {
+  let txRequestResolved: TxRequest;
+  let txRequestId: string;
+  const ecdsaMPCv2Utils = new EcdsaMPCv2Utils(bitgo, wallet.baseCoin);
+
+  if (typeof txRequest === 'string') {
+    txRequestResolved = await getTxRequest(bitgo, wallet.id(), txRequest, reqId);
+    txRequestId = txRequestResolved.txRequestId;
+  } else {
+    txRequestResolved = txRequest;
+    txRequestId = txRequest.txRequestId;
+  }
+
+  // Get BitGo GPG key for MPCv2
+  const bitgoGpgKey = await ecdsaMPCv2Utils.getBitgoPublicGpgKey();
+
+  // Round 1: Generate user's Round 1 share
+  const {
+    signatureShareRound1,
+    userGpgPubKey,
+    encryptedRound1Session,
+    encryptedUserGpgPrvKey,
+    encryptedDataKey,
+  } = await enclavedExpressClient.signMpcV2Round1({
+    txRequest: txRequestResolved,
+    bitgoGpgPubKey: bitgoGpgKey.armor(),
+    source,
+    pub: commonKeychain,
+  });
+
+  // Send Round 1 share to BitGo and get updated txRequest
+  const round1TxRequest = await commonTssMethods.sendSignatureShareV2(
+    bitgo,
+    wallet.id(),
+    txRequestId,
+    [signatureShareRound1],
+    RequestType.tx,
+    wallet.baseCoin.getMPCAlgorithm(),
+    userGpgPubKey,
+    undefined,
+    wallet.multisigTypeVersion(),
+    reqId,
+  );
+
+  // Round 2: Generate user's Round 2 share
+  const { signatureShareRound2, encryptedRound2Session } =
+    await enclavedExpressClient.signMpcV2Round2({
+      txRequest: round1TxRequest,
+      bitgoGpgPubKey: bitgoGpgKey.armor(),
+      encryptedDataKey,
+      encryptedUserGpgPrvKey,
+      encryptedRound1Session,
+      source,
+      pub: commonKeychain,
+    });
+
+  // Send Round 2 share to BitGo and get updated txRequest
+  const round2TxRequest = await commonTssMethods.sendSignatureShareV2(
+    bitgo,
+    wallet.id(),
+    txRequestId,
+    [signatureShareRound2],
+    RequestType.tx,
+    wallet.baseCoin.getMPCAlgorithm(),
+    userGpgPubKey,
+    undefined,
+    wallet.multisigTypeVersion(),
+    reqId,
+  );
+
+  // Round 3: Generate user's Round 3 share
+  const { signatureShareRound3 } = await enclavedExpressClient.signMpcV2Round3({
+    txRequest: round2TxRequest,
+    bitgoGpgPubKey: bitgoGpgKey.armor(),
+    encryptedDataKey,
+    encryptedUserGpgPrvKey,
+    encryptedRound2Session,
+    source,
+    pub: commonKeychain,
+  });
+
+  // Send Round 3 share to BitGo
+  await commonTssMethods.sendSignatureShareV2(
+    bitgo,
+    wallet.id(),
+    txRequestId,
+    [signatureShareRound3],
+    RequestType.tx,
+    wallet.baseCoin.getMPCAlgorithm(),
+    userGpgPubKey,
+    undefined,
+    wallet.multisigTypeVersion(),
+    reqId,
+  );
+
+  logger.debug('Successfully completed ECDSA MPCv2 signing!');
+  return sendTxRequest(
+    bitgo,
+    txRequestResolved.walletId,
+    txRequestResolved.txRequestId,
+    RequestType.tx,
+    reqId,
+  );
+}

src/api/master/handlers/ecdsa.ts

@@ -14,6 +14,7 @@ import {
 import logger from '../../../logger';
 import { MasterApiSpecRouteRequest } from '../routers/masterApiSpec';
 import { handleEddsaSigning } from './eddsa';
+import { handleEcdsaSigning } from './ecdsa';
 import { EnclavedExpressClient } from '../clients/enclavedExpressClient';
 
 /**
@@ -197,7 +198,9 @@ async function signAndSendTxRequests(
   }
 
   let signedTxRequest: TxRequest;
-  if (wallet.baseCoin.getMPCAlgorithm() === 'eddsa') {
+  const mpcAlgorithm = wallet.baseCoin.getMPCAlgorithm();
+
+  if (mpcAlgorithm === 'eddsa') {
     signedTxRequest = await handleEddsaSigning(
       bitgo,
       wallet,
@@ -206,8 +209,18 @@ async function signAndSendTxRequests(
       signingKeychain.commonKeychain,
       reqId,
     );
+  } else if (mpcAlgorithm === 'ecdsa') {
+    signedTxRequest = await handleEcdsaSigning(
+      bitgo,
+      wallet,
+      txRequestId,
+      enclavedExpressClient,
+      signingKeychain.source as 'user' | 'backup',
+      signingKeychain.commonKeychain,
+      reqId,
+    );
   } else {
-    throw new Error('Unsupported MPC algorithm');
+    throw new Error(`Unsupported MPC algorithm: ${mpcAlgorithm}`);
   }
 
   if (!signedTxRequest.txRequestId) {