From 7e49853e27e49e502dce834ffd291e7f9742e00f Mon Sep 17 00:00:00 2001
From: Cesar Patino
Date: Tue, 5 Aug 2025 14:50:31 -0400
Subject: [PATCH] feat(mbe): use local encipherment only
---
.../recoveryMpcV2.test.ts | 11 ++++-------
.../recoveryMusigEth.test.ts | 8 ++++----
.../signMpcRecoveryTransaction.test.ts | 7 -------
.../signMpcTransaction.test.ts | 18 +++++++++---------
.../signMultisigTransaction.test.ts | 2 +-
.../handlers/ecdsaMPCv2Finalize.ts | 3 ---
.../handlers/signEddsaRecoveryTransaction.ts | 2 --
.../handlers/signMpcTransaction.ts | 8 +-------
src/api/advancedWalletManager/utils.ts | 6 +-----
src/kms/kmsClient.ts | 1 -
src/kms/types/getKey.ts | 3 ---
src/kms/types/postKey.ts | 3 ---
12 files changed, 20 insertions(+), 52 deletions(-)
diff --git a/src/__tests__/api/advancedWalletManager/recoveryMpcV2.test.ts b/src/__tests__/api/advancedWalletManager/recoveryMpcV2.test.ts
index 118ce5f..004cbf0 100644
--- a/src/__tests__/api/advancedWalletManager/recoveryMpcV2.test.ts
+++ b/src/__tests__/api/advancedWalletManager/recoveryMpcV2.test.ts
@@ -86,12 +86,12 @@ describe('recoveryMpcV2', async () => { // nocks for KMS responses const userKmsNock = nock(kmsUrl) .get(`/key/${input.pub}`) - .query({ source: 'user', useLocalEncipherment: false }) + .query({ source: 'user' }) .reply(200, mockKmsUserResponse) .persist(); const backupKmsNock = nock(kmsUrl) .get(`/key/${input.pub}`) - .query({ source: 'backup', useLocalEncipherment: false }) + .query({ source: 'backup' }) .reply(200, mockKmsBackupResponse) .persist();
@@ -139,13 +139,10 @@ describe('recoveryMpcV2', async () => { }; // nocks for KMS responses + nock(kmsUrl).get(`/key/${input.pub}`).query({ source: 'user' }).reply(200, mockKmsUserResponse); nock(kmsUrl) .get(`/key/${input.pub}`) - .query({ source: 'user', useLocalEncipherment: false }) - .reply(200, mockKmsUserResponse); - nock(kmsUrl) - .get(`/key/${input.pub}`) - .query({ source: 'backup', useLocalEncipherment: false }) + .query({ source: 'backup' }) .reply(200, mockKmsBackupResponse); const signatureResponse = await agent
diff --git a/src/__tests__/api/advancedWalletManager/recoveryMusigEth.test.ts b/src/__tests__/api/advancedWalletManager/recoveryMusigEth.test.ts
index 1482520..792798d 100644
--- a/src/__tests__/api/advancedWalletManager/recoveryMusigEth.test.ts
+++ b/src/__tests__/api/advancedWalletManager/recoveryMusigEth.test.ts
@@ -78,12 +78,12 @@ describe('recoveryMultisigTransaction', () => { const kmsNockUser = nock(kmsUrl) .get(`/key/${userPub}`) - .query({ source: 'user', useLocalEncipherment: false }) + .query({ source: 'user' }) .reply(200, mockKmsUserResponse); const kmsNockBackup = nock(kmsUrl) .get(`/key/${backupPub}`) - .query({ source: 'backup', useLocalEncipherment: false }) + .query({ source: 'backup' }) .reply(200, mockKmsBackupResponse); const response = await agent
@@ -129,12 +129,12 @@ describe('recoveryMultisigTransaction', () => { const kmsNockUser = nock(kmsUrl) .get(`/key/${userPub}`) - .query({ source: 'user', useLocalEncipherment: false }) + .query({ source: 'user' }) .reply(200, mockKmsUserResponse); const kmsNockBackup = nock(kmsUrl) .get(`/key/${backupPub}`) - .query({ source: 'backup', useLocalEncipherment: false }) + .query({ source: 'backup' }) .reply(200, mockKmsBackupResponse); const response = await agent
diff --git a/src/__tests__/api/advancedWalletManager/signMpcRecoveryTransaction.test.ts b/src/__tests__/api/advancedWalletManager/signMpcRecoveryTransaction.test.ts
index bfbee81..ae32433 100644
--- a/src/__tests__/api/advancedWalletManager/signMpcRecoveryTransaction.test.ts
+++ b/src/__tests__/api/advancedWalletManager/signMpcRecoveryTransaction.test.ts
@@ -100,7 +100,6 @@ describe('EdDSA Recovery Signing', () => { pub: commonKeychain, source: 'user', cfg: config, - options: { useLocalEncipherment: false }, }) .resolves(JSON.stringify(userPrvShare));
@@ -109,7 +108,6 @@ describe('EdDSA Recovery Signing', () => { pub: commonKeychain, source: 'backup', cfg: config, - options: { useLocalEncipherment: false }, }) .resolves(JSON.stringify(backupPrvShare));
@@ -136,7 +134,6 @@ describe('EdDSA Recovery Signing', () => { pub: commonKeychain, source: 'user', cfg: config, - options: { useLocalEncipherment: false }, }) .should.be.true();
@@ -145,7 +142,6 @@ describe('EdDSA Recovery Signing', () => { pub: commonKeychain, source: 'backup', cfg: config, - options: { useLocalEncipherment: false }, }) .should.be.true(); });
@@ -157,7 +153,6 @@ describe('EdDSA Recovery Signing', () => { pub: commonKeychain, source: 'user', cfg: config, - options: { useLocalEncipherment: false }, }) .resolves(undefined);
@@ -185,7 +180,6 @@ describe('EdDSA Recovery Signing', () => { pub: commonKeychain, source: 'user', cfg: config, - options: { useLocalEncipherment: false }, }) .resolves(JSON.stringify(userPrvShare));
@@ -194,7 +188,6 @@ describe('EdDSA Recovery Signing', () => { pub: commonKeychain, source: 'backup', cfg: config, - options: { useLocalEncipherment: false }, }) .resolves(undefined);
diff --git a/src/__tests__/api/advancedWalletManager/signMpcTransaction.test.ts b/src/__tests__/api/advancedWalletManager/signMpcTransaction.test.ts
index b9e2a6b..593093e 100644
--- a/src/__tests__/api/advancedWalletManager/signMpcTransaction.test.ts
+++ b/src/__tests__/api/advancedWalletManager/signMpcTransaction.test.ts
@@ -132,7 +132,7 @@ describe('signMpcTransaction', () => { // Mock KMS responses const kmsNock = nock(kmsUrl) .get(`/key/${input.pub}`) - .query({ source: 'user', useLocalEncipherment: false }) + .query({ source: 'user' }) .reply(200, mockKmsResponse); const dataKeyNock = nock(kmsUrl).post('/generateDataKey').reply(200, mockDataKeyResponse);
@@ -170,7 +170,7 @@ describe('signMpcTransaction', () => { // Mock KMS responses for R share const rKmsNock = nock(kmsUrl) .get(`/key/${rInput.pub}`) - .query({ source: 'user', useLocalEncipherment: false }) + .query({ source: 'user' }) .reply(200, mockKmsResponse); const decryptDataKeyNock = nock(kmsUrl)
@@ -232,7 +232,7 @@ describe('signMpcTransaction', () => { // Mock KMS response for G share const gKmsNock = nock(kmsUrl) .get(`/key/${gInput.pub}`) - .query({ source: 'user', useLocalEncipherment: false }) + .query({ source: 'user' }) .reply(200, mockKmsResponse); const gResponse = await agent
@@ -260,7 +260,7 @@ describe('signMpcTransaction', () => { const kmsNock = nock(kmsUrl) .get(`/key/${input.pub}`) - .query({ source: 'user', useLocalEncipherment: false }) + .query({ source: 'user' }) .reply(404, { error: 'Key not found' }); const response = await agent
@@ -372,7 +372,7 @@ describe('signMpcTransaction', () => { // Mock KMS responses for Round 1 const kmsNock = nock(kmsUrl) .get(`/key/${round1Input.pub}`) - .query({ source: 'user', useLocalEncipherment: true }) + .query({ source: 'user' }) .reply(200, mockKmsResponse); const dataKeyNock = nock(kmsUrl).post('/generateDataKey').reply(200, mockDataKeyResponse);
@@ -434,7 +434,7 @@ describe('signMpcTransaction', () => { // Mock KMS responses for Round 2 const r2KmsNock = nock(kmsUrl) .get(`/key/${round2Input.pub}`) - .query({ source: 'user', useLocalEncipherment: true }) + .query({ source: 'user' }) .reply(200, mockKmsResponse); const decryptDataKeyNock = nock(kmsUrl)
@@ -482,7 +482,7 @@ describe('signMpcTransaction', () => { // Mock KMS responses for Round 3 const r3KmsNock = nock(kmsUrl) .get(`/key/${round3Input.pub}`) - .query({ source: 'user', useLocalEncipherment: true }) + .query({ source: 'user' }) .reply(200, mockKmsResponse); const r3DecryptDataKeyNock = nock(kmsUrl)
@@ -564,7 +564,7 @@ describe('signMpcTransaction', () => { const kmsNock = nock(kmsUrl) .get(`/key/${input.pub}`) - .query({ source: 'user', useLocalEncipherment: true }) + .query({ source: 'user' }) .reply(200, mockKmsResponse); const response = await agent
@@ -599,7 +599,7 @@ describe('signMpcTransaction', () => { const kmsNock = nock(kmsUrl) .get(`/key/${input.pub}`) - .query({ source: 'user', useLocalEncipherment: true }) + .query({ source: 'user' }) .reply(200, mockKmsResponse); const response = await agent
diff --git a/src/__tests__/api/advancedWalletManager/signMultisigTransaction.test.ts b/src/__tests__/api/advancedWalletManager/signMultisigTransaction.test.ts
index e2cd946..8ea556f 100644
--- a/src/__tests__/api/advancedWalletManager/signMultisigTransaction.test.ts
+++ b/src/__tests__/api/advancedWalletManager/signMultisigTransaction.test.ts
@@ -104,7 +104,7 @@ describe('signMultisigTransaction', () => { const kmsNock = nock(kmsUrl) .get(`/key/${input.pub}`) - .query({ source: 'user', useLocalEncipherment: false }) + .query({ source: 'user' }) .reply(200, mockKmsResponse); const response = await agent
diff --git a/src/api/advancedWalletManager/handlers/ecdsaMPCv2Finalize.ts b/src/api/advancedWalletManager/handlers/ecdsaMPCv2Finalize.ts
index 20a2f27..ba9d526 100644
--- a/src/api/advancedWalletManager/handlers/ecdsaMPCv2Finalize.ts
+++ b/src/api/advancedWalletManager/handlers/ecdsaMPCv2Finalize.ts
@@ -65,9 +65,6 @@ export async function ecdsaMPCv2Finalize( pub: commonKeychain, prv: privateMaterial.toString('base64'), type: 'tss', - options: { - useLocalEncipherment: true, - }, }); return {
diff --git a/src/api/advancedWalletManager/handlers/signEddsaRecoveryTransaction.ts b/src/api/advancedWalletManager/handlers/signEddsaRecoveryTransaction.ts
index 1f98505..93e8ea7 100644
--- a/src/api/advancedWalletManager/handlers/signEddsaRecoveryTransaction.ts
+++ b/src/api/advancedWalletManager/handlers/signEddsaRecoveryTransaction.ts
@@ -111,14 +111,12 @@ export async function signEddsaRecoveryTransaction({ pub: request.commonKeychain.toString(), source: 'user', cfg, - options: { useLocalEncipherment: false }, }); const backupPrv = await retrieveKmsPrvKey({ pub: request.commonKeychain.toString(), source: 'backup', cfg, - options: { useLocalEncipherment: false }, }); if (!userPrv || !backupPrv) {
diff --git a/src/api/advancedWalletManager/handlers/signMpcTransaction.ts b/src/api/advancedWalletManager/handlers/signMpcTransaction.ts
index ffea275..49297fc 100644
--- a/src/api/advancedWalletManager/handlers/signMpcTransaction.ts
+++ b/src/api/advancedWalletManager/handlers/signMpcTransaction.ts
@@ -91,15 +91,9 @@ export async function signMpcTransaction(req: AwmApiSpecRouteRequest<'v1.mpc.sig const bitgo = req.bitgo; const coinInstance = await coinFactory.getCoin(coin, bitgo); - const options = - coinInstance.getMPCAlgorithm() === 'ecdsa' - ? { - useLocalEncipherment: true, - } - : undefined; // Get private key from KMS - const prv = await retrieveKmsPrvKey({ pub, source, cfg: req.config, options }); + const prv = await retrieveKmsPrvKey({ pub, source, cfg: req.config }); if (!prv) { const errorMsg = `Error while MPC signing, missing prv key for pub=${pub}, source=${source}`;
diff --git a/src/api/advancedWalletManager/utils.ts b/src/api/advancedWalletManager/utils.ts
index 995bb5b..9d6a3f6 100644
--- a/src/api/advancedWalletManager/utils.ts
+++ b/src/api/advancedWalletManager/utils.ts
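Review bot: The new `retrieveKmsPrvKey({ pub, source, cfg: req.config })` call in the `signMpcTransaction.ts` hunk no longer distinguishes ECDSA from other coins, where the removed lines sent `useLocalEncipherment: true` for ECDSA and the client defaulted everything else to `false`; whether shares stored under the old `false` mode still decrypt now depends on KMS behaviour that this patch does not show. If KMS cannot tell the mode per stored record, signing for existing non-ECDSA wallets could fail after deploy, and the same holds for the two recovery lookups in the `signEddsaRecoveryTransaction.ts` hunk above it. A short comment above the call, for example `// KMS applies local encipherment to every key; keys stored under the previous mode must be migrated first`, plus a regression test using a pre-change fixture would make the assumption explicit. The function body starts and ends outside the hunk.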
@@ -8,20 +8,16 @@ export async function retrieveKmsPrvKey({ pub, source, cfg, - options, }: { pub: string; source: string; cfg: AdvancedWalletManagerConfig; - options?: { - useLocalEncipherment?: boolean; - }; }): Promise { const kms = new KmsClient(cfg); // Retrieve the private key from KMS let prv: string; try { - const res = await kms.getKey({ pub, source, options }); + const res = await kms.getKey({ pub, source }); prv = res.prv; return prv; } catch (error: any) {
diff --git a/src/kms/kmsClient.ts b/src/kms/kmsClient.ts
index 8ddd21c..f8c0d84 100644
--- a/src/kms/kmsClient.ts
+++ b/src/kms/kmsClient.ts
@@ -87,7 +87,6 @@ export class KmsClient { try { let req = superagent.get(`${this.url}/key/${params.pub}`).query({ source: params.source, - useLocalEncipherment: params.options?.useLocalEncipherment ?? false, }); if (this.agent) req = req.agent(this.agent); kmsResponse = await req;
diff --git a/src/kms/types/getKey.ts b/src/kms/types/getKey.ts
index b3b7b06..35b9005 100644
--- a/src/kms/types/getKey.ts
+++ b/src/kms/types/getKey.ts
@@ -3,9 +3,6 @@ import * as z from 'zod'; export interface GetKeyParams { pub: string; source: string; - options?: { - useLocalEncipherment?: boolean; - }; } export interface GetKeyResponse {
diff --git a/src/kms/types/postKey.ts b/src/kms/types/postKey.ts
index 4b47c0f..f661f61 100644
--- a/src/kms/types/postKey.ts
+++ b/src/kms/types/postKey.ts
@@ -7,9 +7,6 @@ export interface PostKeyParams { source: string; type: 'independent' | 'tss'; seed?: string; // Optional seed for key generation - options?: { - useLocalEncipherment?: boolean; - }; } export interface PostKeyResponse {
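Review bot: `pub` is passed straight from the caller into `kms.getKey({ pub, source })` in the `utils.ts` hunk, and the `src/kms/kmsClient.ts` hunk after it shows the value interpolated into the `/key/` URL path without encoding, so a value containing `/`, `?` or `#` would change the path or query that KMS receives, including the `source` selector that is now the only query field. Unless `pub` is already restricted to a key format upstream (not visible in this patch), encode it at the point of use with `encodeURIComponent(params.pub)` in the client. Separately, the `let prv: string;` / `prv = res.prv; return prv;` sequence can be `return res.prv;`, and `catch (error: any)` would be safer as `catch (error: unknown)` with narrowing. The catch block continues outside the hunk.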