DKG, distributed public key restore

Author: satiracode

src/main/kotlin/org/exploit/keeper/api/KeyGenApi.kt

@@ -0,0 +1,25 @@
+package org.exploit.keeper.api
+
+import org.eclipse.jetty.http.HttpMethod
+import org.exploit.jettyx.annotation.HttpRequest
+import org.exploit.jettyx.annotation.Query
+import org.exploit.keeper.constant.CurveName
+import org.exploit.keeper.model.keygen.ShamirShareDto
+import java.util.concurrent.CompletableFuture
+
+interface KeyGenApi {
+    @HttpRequest(path = "/v1/keygen/init", method = HttpMethod.POST)
+    fun init(@Query("keyId") keyId: String, @Query("curve") curve: CurveName, @Query("overwrite") overwrite: Boolean): CompletableFuture<Void>
+
+    @HttpRequest(path = "/v1/keygen/share", method = HttpMethod.GET)
+    fun share(@Query("keyId") keyId: String): CompletableFuture<ShamirShareDto>
+    
+    @HttpRequest(path = "/v1/keygen/collect", method = HttpMethod.POST)
+    fun collect(@Query("keyId") keyId: String): CompletableFuture<Void>
+
+    @HttpRequest(path = "/v1/keygen/compute", method = HttpMethod.POST)
+    fun compute(@Query("keyId") keyId: String): CompletableFuture<Void>
+
+    @HttpRequest(path = "/v1/keygen/abort", method = HttpMethod.POST)
+    fun abort(@Query("keyId") keyId: String): CompletableFuture<Void>
+}

src/main/kotlin/org/exploit/keeper/api/PublicKeyApi.kt

@@ -0,0 +1,12 @@
+package org.exploit.keeper.api
+
+import org.eclipse.jetty.http.HttpMethod
+import org.exploit.jettyx.annotation.HttpRequest
+import org.exploit.jettyx.annotation.Path
+import org.exploit.keeper.model.PublicKeyDto
+import java.util.concurrent.CompletableFuture
+
+interface PublicKeyApi {
+    @HttpRequest(method = HttpMethod.GET, path = "/v1/publicKey/{keyId}")
+    fun getPublicKeyShare(@Path("keyId") keyId: String): CompletableFuture<PublicKeyDto>
+}

src/main/kotlin/org/exploit/keeper/api/client/BitKeeperClient.kt

@@ -4,9 +4,7 @@ import org.exploit.crypto.Hash
 import org.exploit.crypto.curve.Ed25519Provider
 import org.exploit.crypto.key.ed25519.Ed25519PublicKey
 import org.exploit.jettyx.Jettyx
-import org.exploit.keeper.api.CentralApi
-import org.exploit.keeper.api.FrostApi
-import org.exploit.keeper.api.GG20Api
+import org.exploit.keeper.api.*
 import org.exploit.keeper.api.auth.KeeperAuthenticator
 import org.exploit.keeper.extension.decodeBase64
 import org.exploit.keeper.extension.toSchnorrSignature
@@ -25,6 +23,14 @@ class BitKeeperClient(val peerId: Int, private val publicKey: Ed25519PublicKey,
         jettyx.newApiClient(url, auth).create(CentralApi::class.java)
     }
 
+    val keyGen: KeyGenApi by lazy {
+        jettyx.newApiClient(url, auth).create(KeyGenApi::class.java)
+    }
+
+    val public: PublicKeyApi by lazy {
+        jettyx.newApiClient(url, auth).create(PublicKeyApi::class.java)
+    }
+
     fun verifySignature(signature: String, path: String, timestamp: Long): Boolean {
         try {
             if (System.currentTimeMillis() - timestamp > 30 * 1000)

src/main/kotlin/org/exploit/keeper/constant/CurveName.kt

@@ -1,6 +1,12 @@
 package org.exploit.keeper.constant
 
-enum class CurveName {
-    SECP256K1,
-    ED25519
+enum class CurveName(val id: Int) {
+    SECP256K1(0x0),
+    ED25519(0x1);
+
+    companion object {
+        fun fromId(id: Int): CurveName {
+            return entries.find { it.id == id } ?: throw IllegalArgumentException("Unknown curve ID: $id")
+        }
+    }
 }

src/main/kotlin/org/exploit/keeper/constant/KeeperCurve.kt

@@ -13,34 +13,34 @@ sealed class KeeperCurve<P : PointOps<P>>(
     val params: EllipticCurveParams<P>,
     val opsClass: KClass<P>
 ) {
-    data object SECP256K1 : KeeperCurve<ECPointOps>(
-        ECCurveParams(SECNamedCurves.getByName("secp256k1")),
-        ECPointOps::class
-    ) {
+    data object SECP256K1 : KeeperCurve<ECPointOps>(ECCurveParams(SECNamedCurves.getByName("secp256k1")), ECPointOps::class) {
+        override fun keySize(): Int = 32
+
         override fun createPointOps(bytes: ByteArray): ECPointOps =
             ECPointOps((params as ECCurveParams).x9ECParameters.curve.decodePoint(bytes))
 
         override val name: CurveName = CurveName.SECP256K1
     }
 
-    data object ED25519: KeeperCurve<Ed25519PointOps>(
-        Ed25519CurveParams(),
-        Ed25519PointOps::class
-    ) {
+    data object ED25519: KeeperCurve<Ed25519PointOps>(Ed25519CurveParams(), Ed25519PointOps::class) {
+        override fun keySize(): Int = 32
+
         override fun createPointOps(bytes: ByteArray): Ed25519PointOps =
             Ed25519PointOps(bytes)
 
         override val name: CurveName = CurveName.ED25519
     }
 
+    abstract fun keySize(): Int
+
     abstract fun createPointOps(bytes: ByteArray): P
 
     abstract val name: CurveName
 
     companion object {
         private val _values = listOf(SECP256K1, ED25519)
 
-        fun fromName(name: CurveName): KeeperCurve<*> =
+        fun <P: PointOps<P>> fromName(name: CurveName): KeeperCurve<*> =
             _values.firstOrNull { it.name == name}
                 ?: throw IllegalArgumentException("Unknown KeeperCurve name: $name")
     }

src/main/kotlin/org/exploit/keeper/controller/core/CentralController.kt

@@ -7,6 +7,7 @@ import jakarta.ws.rs.QueryParam
 import jakarta.ws.rs.container.ContainerRequestContext
 import org.exploit.keeper.constant.Permission
 import org.exploit.keeper.exception.SealedException
+import org.exploit.keeper.extension.toUni
 import org.exploit.keeper.model.PublicKeyDto
 import org.exploit.keeper.service.auth.policy.MachinePolicyChecker
 import org.exploit.keeper.service.core.KeeperSealService
@@ -32,6 +33,6 @@ class CentralController(
 
         policyChecker.ensureHasPermission(ctx, Permission.keyGetPublicKey(keyId))
 
-        return pub.getPublicKey(keyId)
+        return pub.getPublicKey(keyId).toUni()
     }
 }

src/main/kotlin/org/exploit/keeper/controller/key/PublicKeyController.kt

@@ -0,0 +1,15 @@
+package org.exploit.keeper.controller.key
+
+import jakarta.ws.rs.GET
+import jakarta.ws.rs.Path
+import org.exploit.keeper.extension.toBase64
+import org.exploit.keeper.model.PublicKeyDto
+import org.exploit.keeper.service.pub.share.PublicKeyShareCalculator
+
+@Path("/v1/publicKey")
+class PublicKeyController(private val pubShare: PublicKeyShareCalculator) {
+    @GET
+    @Path("/{keyId}")
+    fun getPublicKey(keyId: String): PublicKeyDto =
+        PublicKeyDto(pubShare.pubKeyShare(keyId).share.encode(true).toBase64())
+}

src/main/kotlin/org/exploit/keeper/controller/keygen/KeyGenController.kt

@@ -0,0 +1,21 @@
+package org.exploit.keeper.controller.keygen
+
+import io.smallrye.mutiny.Uni
+import jakarta.ws.rs.POST
+import jakarta.ws.rs.Path
+import org.exploit.keeper.constant.KeeperCurve
+import org.exploit.keeper.model.request.Generate
+import org.exploit.keeper.service.keygen.starter.DKGenerator
+
+@Path("/v1/keeper/dkg")
+class KeyGenController(private val dkg: DKGenerator) {
+    @POST
+    @Path("/generate")
+    fun generate(body: Generate): Uni<Void> {
+        return dkg.generateKey(
+            keyId = body.keyId,
+            curve = KeeperCurve.fromName(body.curve),
+            overwrite = body.overwrite
+        )
+    }
+}

src/main/kotlin/org/exploit/keeper/controller/keygen/SystemKeyGenController.kt

@@ -0,0 +1,52 @@
+package org.exploit.keeper.controller.keygen
+
+import io.smallrye.mutiny.Uni
+import jakarta.ws.rs.*
+import org.exploit.keeper.api.auth.KeeperAuthenticator
+import org.exploit.keeper.constant.CurveName
+import org.exploit.keeper.constant.KeeperCurve
+import org.exploit.keeper.extension.toUni
+import org.exploit.keeper.model.keygen.ShamirShareDto
+import org.exploit.keeper.service.keygen.DistributedKeyCollector
+import org.exploit.keeper.service.keygen.DistributedKeyGen
+
+@Path("/v1/keygen")
+class SystemKeyGenController(
+    private val generator: DistributedKeyGen,
+    private val collector: DistributedKeyCollector
+) {
+    @POST
+    @Path("/init")
+    fun init(
+        @QueryParam("keyId") keyId: String,
+        @QueryParam("curve") curve: CurveName,
+        @QueryParam("overwrite") overwrite: Boolean
+    ) {
+        generator.init(keyId, KeeperCurve.fromName(curve), overwrite)
+    }
+
+    @POST
+    @Path("/collect")
+    fun collect(@QueryParam("keyId") keyId: String): Uni<Void> =
+        collector.collect(keyId).toUni()
+
+    @POST
+    @Path("/compute")
+    fun compute(@QueryParam("keyId") keyId: String) {
+        generator.compute(keyId)
+    }
+
+    @POST
+    @Path("/abort")
+    fun abort(@QueryParam("keyId") sessionId: String) {
+        generator.abort(sessionId)
+    }
+
+    @GET
+    @Path("/share")
+    fun share(
+        @QueryParam("keyId") keyId: String,
+        @HeaderParam(KeeperAuthenticator.HEADER_INSTANCE_ID) peerId: Int
+    ): ShamirShareDto =
+        generator.share(peerId, keyId)
+}

src/main/kotlin/org/exploit/keeper/controller/signature/FrostController.kt

@@ -24,7 +24,12 @@ class FrostController(
     @POST
     @Path("/init")
     fun init(body: InitSession) {
-        sessionFactory.createSession(body.sessionId, body.keyId, body.operations.unwrap(), body.participants,
+        sessionFactory.createSession(
+            body.sessionId,
+            body.keyId,
+            body.operations.unwrap(),
+            body.publicKey,
+            body.participants,
             KeeperCurve.fromName(body.curve))
     }