fix: store private mpcv2 prv with local encryption

mohammadalfaiyazbitgo · mohammadalfaiyazbitgo · commit a7ef80ff7864 · 2025-07-07T22:25:37.000-04:00
Ticket: WP-5150
diff --git a/src/api/enclaved/handlers/mpcV2Finalize.ts b/src/api/enclaved/handlers/mpcV2Finalize.ts
@@ -6,7 +6,6 @@ import {
 } from '../../../enclavedBitgoExpress/routers/enclavedApiSpec';
 import { KmsClient } from '../../../kms/kmsClient';
 import assert from 'assert';
-import { MPCv2PartiesEnum } from '@bitgo/sdk-core/dist/src/bitgo/utils/tss/ecdsa';
 
 export async function mpcV2Finalize(
   req: EnclavedApiSpecRouteRequest<'v1.mpcv2.finalize', 'post'>,
@@ -35,12 +34,7 @@ export async function mpcV2Finalize(
     throw new Error('Session data is missing for finalization');
   }
   sessionData.dkgSessionBytes = new Uint8Array(Object.values(sessionData.dkgSessionBytes));
-  const session = await DklsDkg.Dkg.restoreSession(
-    3,
-    2,
-    source === 'user' ? MPCv2PartiesEnum.USER : MPCv2PartiesEnum.BACKUP,
-    sessionData,
-  );
+  const session = await DklsDkg.Dkg.restoreSession(3, 2, source === 'user' ? 0 : 1, sessionData);
 
   // processing incoming messages
   const incomingMessages = await DklsComms.decryptAndVerifyIncomingMessages(
@@ -65,6 +59,17 @@ export async function mpcV2Finalize(
     'Source and Bitgo Common keychains do not match',
   );
 
+  await kms.postKey({
+    coin: req.decoded.coin,
+    source: req.decoded.source,
+    pub: commonKeychain,
+    prv: privateMaterial.toString('base64'),
+    type: 'tss',
+    options: {
+      useLocalEncipherment: true,
+    },
+  });
+
   return {
     source,
     commonKeychain,
diff --git a/src/api/enclaved/handlers/signMpcTransaction.ts b/src/api/enclaved/handlers/signMpcTransaction.ts
@@ -89,9 +89,15 @@ export async function signMpcTransaction(req: EnclavedApiSpecRouteRequest<'v1.mp
 
   const bitgo = req.bitgo;
   const coinInstance = bitgo.coin(coin);
+  const options =
+    coinInstance.getMPCAlgorithm() === 'ecdsa'
+      ? {
+          useLocalEncipherment: true,
+        }
+      : undefined;
 
   // Get private key from KMS
-  const prv = await retrieveKmsPrvKey({ pub, source, cfg: req.config });
+  const prv = await retrieveKmsPrvKey({ pub, source, cfg: req.config, options });
 
   if (!prv) {
     const errorMsg = `Error while MPC signing, missing prv key for pub=${pub}, source=${source}`;
diff --git a/src/api/enclaved/utils.ts b/src/api/enclaved/utils.ts
@@ -8,16 +8,20 @@ export async function retrieveKmsPrvKey({
   pub,
   source,
   cfg,
+  options,
 }: {
   pub: string;
   source: string;
   cfg: EnclavedConfig;
+  options?: {
+    useLocalEncipherment?: boolean;
+  };
 }): Promise<string> {
   const kms = new KmsClient(cfg);
   // Retrieve the private key from KMS
   let prv: string;
   try {
-    const res = await kms.getKey({ pub, source });
+    const res = await kms.getKey({ pub, source, options });
     prv = res.prv;
     return prv;
   } catch (error: any) {
diff --git a/src/kms/kmsClient.ts b/src/kms/kmsClient.ts
@@ -65,7 +65,10 @@ export class KmsClient {
     try {
       kmsResponse = await superagent
         .get(`${this.url}/key/${params.pub}`)
-        .query({ source: params.source });
+        .query({
+          source: params.source,
+          useLocalEncipherment: params.options?.useLocalEncipherment ?? false,
+        });
     } catch (error: any) {
       console.log('Error getting key from KMS', error);
       throw error;
diff --git a/src/kms/types/getKey.ts b/src/kms/types/getKey.ts
@@ -3,6 +3,9 @@ import * as z from 'zod';
 export interface GetKeyParams {
   pub: string;
   source: string;
+  options?: {
+    useLocalEncipherment?: boolean;
+  };
 }
 
 export interface GetKeyResponse {
diff --git a/src/kms/types/postKey.ts b/src/kms/types/postKey.ts
@@ -7,6 +7,9 @@ export interface PostKeyParams {
   source: string;
   type: 'independent' | 'tss';
   seed?: string; // Optional seed for key generation
+  options?: {
+    useLocalEncipherment?: boolean;
+  };
 }
 
 export interface PostKeyResponse {

Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,9 @@ import * as z from 'zod';`
`3`	`3`	`export interface GetKeyParams {`
`4`	`4`	`pub: string;`
`5`	`5`	`source: string;`
	`6`	`+ options?: {`
	`7`	`+ useLocalEncipherment?: boolean;`
	`8`	`+ };`
`6`	`9`	`}`
`7`	`10`
`8`	`11`	`export interface GetKeyResponse {`
Original file line number	Diff line number	Diff line change
`@@ -7,6 +7,9 @@ export interface PostKeyParams {`
`7`	`7`	`source: string;`
`8`	`8`	`type: 'independent' \| 'tss';`
`9`	`9`	`seed?: string; // Optional seed for key generation`
	`10`	`+ options?: {`
	`11`	`+ useLocalEncipherment?: boolean;`
	`12`	`+ };`
`10`	`13`	`}`
`11`	`14`
`12`	`15`	`export interface PostKeyResponse {`