AWS Integration (ZenGo-X#11)

- DynamoDB integration (remote database, low latency and full managed by AWS) - User authentication using Json Web Tokens and AWS Cognito pools (this is optional and has to be defined (1) in Settings.toml or (2) as environment variable. - Thin client and refactoring in order to abstract for the client the process of keygen. - Additional unit testing Tested with RUST_TEST_THREADS=1 cargo test
same-id · Mar 4, 2019 · 2f26ea7 · 2f26ea7
1 parent b22e803
commit 2f26ea7
Show file tree

Hide file tree

Showing 43 changed files with 2,133 additions and 441 deletions.
diff --git a/Dockerfile b/Dockerfile
diff --git a/Dockerrun.aws.json b/Dockerrun.aws.json
diff --git a/gotham-client/.gitignore b/gotham-client/.gitignore
@@ -2,7 +2,7 @@
 # will have compiled files and executables
 /target/
 
-# Remove Cargo.lock from gitignore if creating an executable, leave it for libraries
+# Remove Cargo.lock from .gitignore if creating an executable, leave it for libraries
 # More information here https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html
 Cargo.lock
 
@@ -11,7 +11,7 @@ Cargo.lock
 .idea
 db/
 *.priv
-wallet.data
+wallet/wallet.data
 escrow/client.backup
 escrow/escrow-sk.json
 escrow/sk-recovered.json
diff --git a/gotham-client/Settings.toml b/gotham-client/Settings.toml
@@ -0,0 +1 @@
+endpoint = "http://localhost:8000"
diff --git a/gotham-client/escrow/.gitkeep b/gotham-client/escrow/.gitkeep
diff --git a/gotham-client/src/api/mod.rs b/gotham-client/src/api/mod.rs
@@ -0,0 +1,36 @@
+use super::ecdsa::{keygen, sign};
+use kms::ecdsa::two_party::MasterKey2;
+use multi_party_ecdsa::protocols::two_party_ecdsa::lindell_2017::party_one;
+use reqwest;
+
+pub struct ClientShim {
+    pub client: reqwest::Client,
+    pub endpoint: String,
+}
+
+impl ClientShim {
+    pub fn new(endpoint: String) -> ClientShim {
+        let client = reqwest::Client::new();
+        ClientShim { client, endpoint }
+    }
+}
+
+#[derive(Serialize, Deserialize)]
+pub struct PrivateShare {
+    pub id: String,
+    pub master_key: MasterKey2,
+}
+
+pub fn get_master_key(client_shim: &ClientShim) -> PrivateShare {
+    keygen::get_master_key(&client_shim)
+}
+
+pub fn sign(
+    client_shim: &ClientShim,
+    message: bitcoin::util::hash::Sha256dHash,
+    mk: &MasterKey2,
+    pos: u32,
+    id: &String,
+) -> party_one::Signature {
+    sign::sign(&client_shim, message, mk, pos, id)
+}
diff --git a/gotham-client/src/ecdsa/keygen.rs b/gotham-client/src/ecdsa/keygen.rs
@@ -7,7 +7,6 @@
 // version 3 of the License, or (at your option) any later version.
 //
 
-use reqwest;
 use serde_json;
 use time::PreciseTime;
 
@@ -16,29 +15,26 @@ use kms::chain_code::two_party as chain_code;
 use kms::ecdsa::two_party::*;
 use multi_party_ecdsa::protocols::two_party_ecdsa::lindell_2017::*;
 
+use super::super::api;
 use super::super::utilities::requests;
-use super::super::wallet;
 
 const KG_PATH_PRE: &str = "ecdsa/keygen";
 
-pub fn get_master_key(client: &reqwest::Client) -> wallet::PrivateShares {
+pub fn get_master_key(client_shim: &api::ClientShim) -> api::PrivateShare {
     let start = PreciseTime::now();
 
-    let res_body = requests::post(client, &format!("{}/first", KG_PATH_PRE)).unwrap();
+    let res_body = requests::post(client_shim, &format!("{}/first", KG_PATH_PRE)).unwrap();
 
     let (id, kg_party_one_first_message): (String, party_one::KeyGenFirstMsg) =
         serde_json::from_str(&res_body).unwrap();
 
-    println!("(id: {}) Generating master key...", id);
-
     let (kg_party_two_first_message, kg_ec_key_pair_party2) = MasterKey2::key_gen_first_message();
 
     let body = &kg_party_two_first_message.d_log_proof;
 
     let res_body =
-        requests::postb(client, &format!("{}/{}/second", KG_PATH_PRE, id), body).unwrap();
+        requests::postb(client_shim, &format!("{}/{}/second", KG_PATH_PRE, id), body).unwrap();
 
-    // TODO: second param not needed
     let kg_party_one_second_message: party1::KeyGenParty1Message2 =
         serde_json::from_str(&res_body).unwrap();
 
@@ -52,7 +48,8 @@ pub fn get_master_key(client: &reqwest::Client) -> wallet::PrivateShares {
 
     let body = &party_two_second_message.pdl_first_message;
 
-    let res_body = requests::postb(client, &format!("{}/{}/third", KG_PATH_PRE, id), body).unwrap();
+    let res_body =
+        requests::postb(client_shim, &format!("{}/{}/third", KG_PATH_PRE, id), body).unwrap();
 
     let party_one_third_message: party_one::PDLFirstMessage =
         serde_json::from_str(&res_body).unwrap();
@@ -64,7 +61,7 @@ pub fn get_master_key(client: &reqwest::Client) -> wallet::PrivateShares {
     let body = &party_2_pdl_second_message;
 
     let res_body =
-        requests::postb(client, &format!("{}/{}/fourth", KG_PATH_PRE, id), body).unwrap();
+        requests::postb(client_shim, &format!("{}/{}/fourth", KG_PATH_PRE, id), body).unwrap();
 
     let party_one_pdl_second_message: party_one::PDLSecondMessage =
         serde_json::from_str(&res_body).unwrap();
@@ -76,8 +73,11 @@ pub fn get_master_key(client: &reqwest::Client) -> wallet::PrivateShares {
     )
     .expect("pdl error party1");
 
-    let res_body =
-        requests::post(client, &format!("{}/{}/chaincode/first", KG_PATH_PRE, id)).unwrap();
+    let res_body = requests::post(
+        client_shim,
+        &format!("{}/{}/chaincode/first", KG_PATH_PRE, id),
+    )
+    .unwrap();
 
     let cc_party_one_first_message: Party1FirstMessage = serde_json::from_str(&res_body).unwrap();
 
@@ -87,7 +87,7 @@ pub fn get_master_key(client: &reqwest::Client) -> wallet::PrivateShares {
     let body = &cc_party_two_first_message.d_log_proof;
 
     let res_body = requests::postb(
-        client,
+        client_shim,
         &format!("{}/{}/chaincode/second", KG_PATH_PRE, id),
         body,
     )
@@ -117,10 +117,8 @@ pub fn get_master_key(client: &reqwest::Client) -> wallet::PrivateShares {
         &party_two_paillier,
     );
 
-    println!("(id: {}) Master key gen completed", id);
-
     let end = PreciseTime::now();
     println!("(id: {}) Took: {}", id, start.to(end));
 
-    wallet::PrivateShares { id, master_key }
+    api::PrivateShare { id, master_key }
 }
diff --git a/gotham-client/src/ecdsa/mod.rs b/gotham-client/src/ecdsa/mod.rs
@@ -6,6 +6,6 @@
 // License as published by the Free Software Foundation, either
 // version 3 of the License, or (at your option) any later version.
 //
-
 pub mod keygen;
 pub mod rotate;
+pub mod sign;
diff --git a/gotham-client/src/ecdsa/rotate.rs b/gotham-client/src/ecdsa/rotate.rs
@@ -7,9 +7,10 @@
 // version 3 of the License, or (at your option) any later version.
 //
 
-use reqwest;
 use serde_json;
 
+use super::super::api;
+use super::super::api::PrivateShare;
 use super::super::utilities::requests;
 use super::super::wallet;
 use curv::cryptographic_primitives::twoparty::coin_flip_optimal_rounds;
@@ -21,9 +22,9 @@ use std::collections::HashMap;
 
 const ROT_PATH_PRE: &str = "ecdsa/rotate";
 
-pub fn rotate_master_key(wallet: wallet::Wallet, client: &reqwest::Client) -> wallet::Wallet {
-    let id = &wallet.private_shares.id.clone();
-    let res_body = requests::post(client, &format!("{}/{}/first", ROT_PATH_PRE, id)).unwrap();
+pub fn rotate_master_key(wallet: wallet::Wallet, client_shim: &api::ClientShim) -> wallet::Wallet {
+    let id = &wallet.private_share.id.clone();
+    let res_body = requests::post(client_shim, &format!("{}/{}/first", ROT_PATH_PRE, id)).unwrap();
 
     let coin_flip_party1_first_message: coin_flip_optimal_rounds::Party1FirstMessage =
         serde_json::from_str(&res_body).unwrap();
@@ -34,7 +35,7 @@ pub fn rotate_master_key(wallet: wallet::Wallet, client: &reqwest::Client) -> wa
     let body = &coin_flip_party2_first_message;
 
     let res_body = requests::postb(
-        client,
+        client_shim,
         &format!("{}/{}/second", ROT_PATH_PRE, id.clone()),
         body,
     )
@@ -52,7 +53,7 @@ pub fn rotate_master_key(wallet: wallet::Wallet, client: &reqwest::Client) -> wa
     );
 
     let result_rotate_party_one_first_message = wallet
-        .private_shares
+        .private_share
         .master_key
         .rotate_first_message(&random2, &rotation_party1_first_message);
     if result_rotate_party_one_first_message.is_err() {
@@ -65,7 +66,7 @@ pub fn rotate_master_key(wallet: wallet::Wallet, client: &reqwest::Client) -> wa
     let body = &rotation_party_two_first_message;
 
     let res_body = requests::postb(
-        client,
+        client_shim,
         &format!("{}/{}/third", ROT_PATH_PRE, id.clone()),
         body,
     )
@@ -79,7 +80,7 @@ pub fn rotate_master_key(wallet: wallet::Wallet, client: &reqwest::Client) -> wa
     let body = &rotation_party_two_second_message;
 
     let res_body = requests::postb(
-        client,
+        client_shim,
         &format!("{}/{}/fourth", ROT_PATH_PRE, id.clone()),
         body,
     )
@@ -89,7 +90,7 @@ pub fn rotate_master_key(wallet: wallet::Wallet, client: &reqwest::Client) -> wa
         serde_json::from_str(&res_body).unwrap();
 
     let result_rotate_party_one_third_message =
-        wallet.private_shares.master_key.rotate_third_message(
+        wallet.private_share.master_key.rotate_third_message(
             &random2,
             &party_two_paillier,
             &party_two_pdl_chal,
@@ -102,15 +103,16 @@ pub fn rotate_master_key(wallet: wallet::Wallet, client: &reqwest::Client) -> wa
 
     let party_two_master_key_rotated = result_rotate_party_one_third_message.unwrap();
 
-    let private_shares = wallet::PrivateShares {
-        id: wallet.private_shares.id.clone(),
+    let private_share = PrivateShare {
+        id: wallet.private_share.id.clone(),
         master_key: party_two_master_key_rotated,
     };
+
     let addresses_derivation_map = HashMap::new();
     let mut wallet_after_rotate = wallet::Wallet {
         id: wallet.id.clone(),
         network: wallet.network.clone(),
-        private_shares,
+        private_share,
         last_derived_pos: wallet.last_derived_pos.clone(),
         addresses_derivation_map,
     };

diff --git a/gotham-client/src/ecdsa/sign.rs b/gotham-client/src/ecdsa/sign.rs
@@ -0,0 +1,67 @@
+use bitcoin;
+use curv::BigInt;
+use kms::ecdsa::two_party::party2;
+use kms::ecdsa::two_party::MasterKey2;
+use multi_party_ecdsa::protocols::two_party_ecdsa::lindell_2017::party_one;
+use multi_party_ecdsa::protocols::two_party_ecdsa::lindell_2017::party_two;
+
+use super::super::api;
+use super::super::utilities::requests;
+use curv::arithmetic::traits::Converter;
+
+#[derive(Serialize, Deserialize)]
+pub struct SignSecondMsgRequest {
+    pub message: BigInt,
+    pub party_two_sign_message: party2::SignMessage,
+    pub pos_child_key: u32,
+}
+
+pub fn sign(
+    client_shim: &api::ClientShim,
+    message: bitcoin::util::hash::Sha256dHash,
+    mk: &MasterKey2,
+    pos: u32,
+    id: &String,
+) -> party_one::Signature {
+    let (eph_key_gen_first_message_party_two, eph_comm_witness, eph_ec_key_pair_party2) =
+        MasterKey2::sign_first_message();
+
+    let request: party_two::EphKeyGenFirstMsg = eph_key_gen_first_message_party_two;
+    let res_body =
+        requests::postb(client_shim, &format!("/ecdsa/sign/{}/first", id), &request).unwrap();
+
+    let sign_party_one_first_message: party_one::EphKeyGenFirstMsg =
+        serde_json::from_str(&res_body).unwrap();
+
+    let party_two_sign_message = mk.sign_second_message(
+        &eph_ec_key_pair_party2,
+        eph_comm_witness.clone(),
+        &sign_party_one_first_message,
+        &BigInt::from_hex(&message.le_hex_string()),
+    );
+
+    let signature: party_one::Signature =
+        get_signature(client_shim, message, party_two_sign_message, pos, &id);
+
+    signature
+}
+
+fn get_signature(
+    client_shim: &api::ClientShim,
+    message: bitcoin::util::hash::Sha256dHash,
+    party_two_sign_message: party2::SignMessage,
+    pos_child_key: u32,
+    id: &String,
+) -> party_one::Signature {
+    let request: SignSecondMsgRequest = SignSecondMsgRequest {
+        message: BigInt::from_hex(&message.le_hex_string()),
+        party_two_sign_message,
+        pos_child_key,
+    };
+
+    let res_body =
+        requests::postb(client_shim, &format!("/ecdsa/sign/{}/second", id), &request).unwrap();
+
+    let signature: party_one::Signature = serde_json::from_str(&res_body).unwrap();
+    signature
+}
diff --git a/gotham-client/src/lib.rs b/gotham-client/src/lib.rs
@@ -13,6 +13,7 @@ extern crate kms;
 extern crate multi_party_ecdsa;
 extern crate reqwest;
 extern crate zk_paillier;
+extern crate config;
 
 #[macro_use]
 extern crate serde_derive;
@@ -30,6 +31,7 @@ extern crate secp256k1;
 extern crate time;
 extern crate uuid;
 
+pub mod api;
 pub mod ecdsa;
 pub mod escrow;
 pub mod utilities;