server side signing

package.json

@@ -44,6 +44,7 @@
     "@toruslabs/constants": "^13.0.1",
     "@toruslabs/customauth": "^18.1.0",
     "@toruslabs/eccrypto": "4.0.0",
+    "@toruslabs/http-helpers": "^5.0.0",
     "@toruslabs/fetch-node-details": "^13.1.1",
     "@toruslabs/fnd-base": "^13.1.1",
     "@toruslabs/metadata-helpers": "^5.x",
@@ -57,7 +58,8 @@
     "@web3auth/base-provider": "^7.3.1",
     "bn.js": "^5.2.1",
     "bowser": "^2.11.0",
-    "elliptic": "^6.5.4"
+    "elliptic": "^6.5.4",
+    "hi-base32": "^0.5.1"
   },
   "devDependencies": {
     "@babel/register": "^7.23.7",

src/constants.ts

@@ -65,3 +65,9 @@ export const CURVE = new EllipticCurve("secp256k1");
 
 export const MAX_FACTORS = 10; // Maximum number of factors that can be added to an account.
 export const SOCIAL_TKEY_INDEX = 1;
+
+export const OPS = {
+  DELETE_FACTOR: "delete_factor",
+  CREATE_FACTOR: "created_factor",
+  LOCAL_SIGN: "local_sign",
+};

src/helper/authenticator/authenticatorService.ts

@@ -0,0 +1,128 @@
+import { generatePrivate } from "@toruslabs/eccrypto";
+import { post } from "@toruslabs/http-helpers";
+import { keccak256 } from "@toruslabs/metadata-helpers";
+import { log } from "@web3auth/base";
+import BN from "bn.js";
+import type { ec } from "elliptic";
+import base32 from "hi-base32";
+
+import { CURVE } from "../../constants";
+import { IRemoteClientState, Web3AuthMPCCoreKit } from "../../index";
+
+export class AuthenticatorService {
+  private backendUrl: string;
+
+  private coreKitInstance: Web3AuthMPCCoreKit;
+
+  private authenticatorType: string = "authenticator";
+
+  private factorPub: string = "";
+
+  private tssIndex: number;
+
+  constructor(params: { backendUrl: string; coreKitInstance: Web3AuthMPCCoreKit; authenticatorType?: string }) {
+    const { backendUrl } = params;
+    this.backendUrl = backendUrl;
+    this.authenticatorType = params.authenticatorType || "authenticator";
+    this.coreKitInstance = params.coreKitInstance;
+    // this.remoteClient = remoteClient || false;
+  }
+
+  getDescriptionsAndUpdate() {
+    const arrayOfDescriptions = Object.entries(this.coreKitInstance.getKeyDetails().shareDescriptions).map(([key, value]) => {
+      const parsedDescription = (value || [])[0] ? JSON.parse(value[0]) : {};
+      return {
+        key,
+        description: parsedDescription,
+      };
+    });
+
+    const shareDescriptionsMobile = arrayOfDescriptions.find(({ description }) => description.authenticator === this.authenticatorType);
+    log.info("shareDescriptionsMobile", shareDescriptionsMobile);
+
+    if (shareDescriptionsMobile) {
+      this.factorPub = shareDescriptionsMobile.key;
+      this.tssIndex = shareDescriptionsMobile.description.tssShareIndex;
+    }
+
+    return shareDescriptionsMobile;
+  }
+
+  generateSecretKey(): string {
+    const key = generatePrivate().subarray(0, 20);
+    return base32.encode(key).toString().replace(/=/g, "");
+  }
+
+  async register(privKey: BN, secretKey: string): Promise<{ success: boolean; message?: string }> {
+    const privKeyPair: ec.KeyPair = CURVE.keyFromPrivate(privKey.toString(16, 64));
+    const pubKey = privKeyPair.getPublic();
+    const sig = CURVE.sign(keccak256(Buffer.from(secretKey, "utf8")), Buffer.from(privKey.toString(16, 64), "hex"));
+
+    const data = {
+      pubKey: {
+        x: pubKey.getX().toString(16, 64),
+        y: pubKey.getY().toString(16, 64),
+      },
+      sig: {
+        r: sig.r.toString(16, 64),
+        s: sig.s.toString(16, 64),
+        v: new BN(sig.recoveryParam as number).toString(16, 2),
+      },
+      secretKey,
+    };
+
+    const resp = await post<{
+      success: boolean;
+      message: string;
+    }>(`${this.backendUrl}/api/v3/register`, data);
+
+    return resp;
+  }
+
+  async addRecovery(address: string, code: string, factorKey: BN) {
+    if (!factorKey) throw new Error("factorKey is not defined");
+    if (!address) throw new Error("address is not defined");
+    if (!code) throw new Error("code is not defined");
+
+    const data = {
+      address,
+      code,
+      data: {
+        // If the verification is complete, we save the factorKey for the user address.
+        // This factorKey is used to verify the user in the future on a new device and recover tss share.
+        factorKey: factorKey.toString(16, 64),
+      },
+    };
+
+    await post(`${this.backendUrl}/api/v3/verify`, data);
+  }
+
+  async verifyRecovery(address: string, code: string): Promise<BN | undefined> {
+    const verificationData = {
+      address,
+      code,
+    };
+
+    const response = await post<{ data?: Record<string, string> }>(`${this.backendUrl}/api/v3/verify`, verificationData);
+    const { data } = response;
+    return data ? new BN(data.factorKey, "hex") : undefined;
+  }
+
+  async verifyRemoteSetup(address: string, code: string): Promise<IRemoteClientState & { tssShareIndex: string }> {
+    const verificationData = {
+      address,
+      code,
+    };
+
+    const response = await post<{ data?: Record<string, string> }>(`${this.backendUrl}/api/v3/verify_remote`, verificationData);
+    const { data } = response;
+
+    return {
+      tssShareIndex: this.tssIndex.toString(),
+      remoteClientUrl: this.backendUrl,
+      remoteFactorPub: this.factorPub,
+      metadataShare: data.metadataShare,
+      remoteClientToken: data.signature,
+    };
+  }
+}