feat: secure p2p

Cargo.toml

@@ -5,6 +5,7 @@ members = [
     "node",
     "integration-tests",
     "load-tests",
+    "keys",
     "test-oidc-provider",
 ]
 

Dockerfile.multichain

@@ -8,12 +8,14 @@ RUN apt-get update \
 RUN echo "fn main() {}" > dummy.rs
 COPY node/Cargo.toml Cargo.toml
 RUN sed -i 's#src/main.rs#dummy.rs#' Cargo.toml
+RUN sed -i 's#mpc-keys = { path = "../keys" }##' Cargo.toml
 RUN sed -i 's#mpc-contract = { path = "../contract" }##' Cargo.toml
 RUN cargo build
 COPY . .
 RUN sed -i 's#"mpc-recovery",##' Cargo.toml
 RUN sed -i 's#"integration-tests",##' Cargo.toml
 RUN sed -i 's#"load-tests",##' Cargo.toml
+RUN sed -i 's#"keys",##' Cargo.toml
 RUN cargo build --package mpc-recovery-node
 
 FROM debian:stable-slim as runtime

contract/src/lib.rs

@@ -5,6 +5,10 @@ use std::collections::{HashMap, HashSet};
 
 type ParticipantId = u32;
 
+pub mod hpke {
+    pub type PublicKey = [u8; 32];
+}
+
 #[derive(
     Serialize,
     Deserialize,
@@ -22,6 +26,10 @@ pub struct ParticipantInfo {
     pub id: ParticipantId,
     pub account_id: AccountId,
     pub url: String,
+    /// The public key used for encrypting messages.
+    pub cipher_pk: hpke::PublicKey,
+    /// The public key used for verifying messages.
+    pub sign_pk: PublicKey,
 }
 
 #[derive(BorshDeserialize, BorshSerialize, Serialize, Deserialize, Debug)]
@@ -34,6 +42,7 @@ pub struct InitializingContractState {
 #[derive(BorshDeserialize, BorshSerialize, Serialize, Deserialize, Debug)]
 pub struct RunningContractState {
     pub epoch: u64,
+    // TODO: why is this account id for participants instead of participant id?
     pub participants: HashMap<AccountId, ParticipantInfo>,
     pub threshold: usize,
     pub public_key: PublicKey,
@@ -83,7 +92,13 @@ impl MpcContract {
         self.protocol_state
     }
 
-    pub fn join(&mut self, participant_id: ParticipantId, url: String) {
+    pub fn join(
+        &mut self,
+        participant_id: ParticipantId,
+        url: String,
+        cipher_pk: hpke::PublicKey,
+        sign_pk: PublicKey,
+    ) {
         match &mut self.protocol_state {
             ProtocolContractState::Running(RunningContractState {
                 participants,
@@ -100,6 +115,8 @@ impl MpcContract {
                         id: participant_id,
                         account_id,
                         url,
+                        cipher_pk,
+                        sign_pk,
                     },
                 );
             }

integration-tests/Cargo.toml

@@ -16,6 +16,7 @@ futures = "0.3"
 hex = "0.4.3"
 hyper = { version = "0.14", features = ["full"] }
 mpc-contract = { path = "../contract" }
+mpc-keys = { path = "../keys" }
 mpc-recovery = { path = "../mpc-recovery" }
 mpc-recovery-node = { path = "../node" }
 multi-party-eddsa = { git = "https://github.com/DavidM-D/multi-party-eddsa.git", rev = "25ae4fdc5ff7819ae70e73ab4afacf1c24fc4da1" }
@@ -46,8 +47,6 @@ tracing-log = "0.1.3"
 tokio-util = { version = "0.7", features = ["full"] }
 reqwest = "0.11.16"
 
-mpc-contract = { path = "../contract" }
-
 [features]
 default = []
 docker-test = []

integration-tests/src/multichain/containers.rs

@@ -1,4 +1,5 @@
 use ed25519_dalek::ed25519::signature::digest::{consts::U32, generic_array::GenericArray};
+use mpc_keys::hpke;
 use multi_party_eddsa::protocols::ExpandedKeyPair;
 use near_workspaces::AccountId;
 use testcontainers::{
@@ -11,6 +12,9 @@ pub struct Node<'a> {
     pub container: Container<'a, GenericImage>,
     pub address: String,
     pub local_address: String,
+    pub cipher_pk: hpke::PublicKey,
+    pub cipher_sk: hpke::SecretKey,
+    pub sign_pk: near_workspaces::types::PublicKey,
 }
 
 pub struct NodeApi {
@@ -33,13 +37,16 @@ impl<'a> Node<'a> {
         account_sk: &near_workspaces::types::SecretKey,
     ) -> anyhow::Result<Node<'a>> {
         tracing::info!(node_id, "running node container");
+        let (cipher_sk, cipher_pk) = hpke::generate();
         let args = mpc_recovery_node::cli::Cli::Start {
             node_id: node_id.into(),
             near_rpc: ctx.lake_indexer.rpc_host_address.clone(),
             mpc_contract_id: ctx.mpc_contract.id().clone(),
             account: account.clone(),
             account_sk: account_sk.to_string().parse()?,
             web_port: Self::CONTAINER_PORT,
+            cipher_pk: hex::encode(cipher_pk.to_bytes()),
+            cipher_sk: hex::encode(cipher_sk.to_bytes()),
             indexer_options: mpc_recovery_node::indexer::Options {
                 s3_bucket: ctx.localstack.s3_host_address.clone(),
                 s3_region: ctx.localstack.s3_region.clone(),
@@ -72,6 +79,9 @@ impl<'a> Node<'a> {
             container,
             address: full_address,
             local_address: format!("http://localhost:{host_port}"),
+            cipher_pk,
+            cipher_sk,
+            sign_pk: account_sk.public_key(),
         })
     }
 }

integration-tests/src/multichain/local.rs

@@ -1,13 +1,16 @@
 use crate::{mpc, util};
 use async_process::Child;
+use mpc_keys::hpke;
 use near_workspaces::AccountId;
 
 #[allow(dead_code)]
 pub struct Node {
     pub address: String,
     node_id: usize,
     account: AccountId,
-    account_sk: near_workspaces::types::SecretKey,
+    pub account_sk: near_workspaces::types::SecretKey,
+    pub cipher_pk: hpke::PublicKey,
+    cipher_sk: hpke::SecretKey,
 
     // process held so it's not dropped. Once dropped, process will be killed.
     #[allow(unused)]
@@ -22,13 +25,16 @@ impl Node {
         account_sk: &near_workspaces::types::SecretKey,
     ) -> anyhow::Result<Self> {
         let web_port = util::pick_unused_port().await?;
+        let (cipher_sk, cipher_pk) = hpke::generate();
         let cli = mpc_recovery_node::cli::Cli::Start {
             node_id: node_id.into(),
             near_rpc: ctx.lake_indexer.rpc_host_address.clone(),
             mpc_contract_id: ctx.mpc_contract.id().clone(),
             account: account.clone(),
             account_sk: account_sk.to_string().parse()?,
             web_port,
+            cipher_pk: hex::encode(cipher_pk.to_bytes()),
+            cipher_sk: hex::encode(cipher_sk.to_bytes()),
             indexer_options: mpc_recovery_node::indexer::Options {
                 s3_bucket: ctx.localstack.s3_host_address.clone(),
                 s3_region: ctx.localstack.s3_region.clone(),
@@ -48,6 +54,8 @@ impl Node {
             node_id: node_id as usize,
             account: account.clone(),
             account_sk: account_sk.clone(),
+            cipher_pk,
+            cipher_sk,
             process,
         })
     }

integration-tests/src/multichain/mod.rs

@@ -133,6 +133,8 @@ pub async fn docker(nodes: usize, docker_client: &DockerClient) -> anyhow::Resul
                     id: i as u32,
                     account_id: account.id().to_string().parse().unwrap(),
                     url: node.address.clone(),
+                    cipher_pk: node.cipher_pk.to_bytes(),
+                    sign_pk: node.sign_pk.to_string().parse().unwrap(),
                 },
             )
         })
@@ -182,6 +184,8 @@ pub async fn host(nodes: usize, docker_client: &DockerClient) -> anyhow::Result<
                     id: i as u32,
                     account_id: account.id().to_string().parse().unwrap(),
                     url: node.address.clone(),
+                    cipher_pk: node.cipher_pk.to_bytes(),
+                    sign_pk: node.account_sk.public_key().to_string().parse().unwrap(),
                 },
             )
         })

keys/Cargo.toml

@@ -0,0 +1,16 @@
+[package]
+name = "mpc-keys"
+version = "0.1.0"
+edition = "2021"
+
+[lib]
+crate-type = ["cdylib", "lib"]
+
+[dependencies]
+borsh = { version = "0.9.3" }
+hpke = { version = "0.11", features = ["serde_impls", "std"] }
+serde = { version = "1", features = ["derive"] }
+rand = { version = "0.8" }
+
+[dev-dependencies]
+hex = "*"

keys/src/hpke.rs

@@ -0,0 +1,156 @@
+use borsh::{self, BorshDeserialize, BorshSerialize};
+use hpke::{
+    aead::{AeadTag, ChaCha20Poly1305},
+    kdf::HkdfSha384,
+    kem::X25519HkdfSha256,
+    OpModeR,
+};
+use serde::{Deserialize, Serialize};
+
+/// This can be used to customize the generated key. This will be used as a sort of
+/// versioning mechanism for the key.
+const INFO_ENTROPY: &[u8] = b"session-key-v1";
+
+// Interchangeable type parameters for the HPKE context.
+pub type Kem = X25519HkdfSha256;
+pub type Aead = ChaCha20Poly1305;
+pub type Kdf = HkdfSha384;
+
+#[derive(Serialize, Deserialize)]
+pub struct Ciphered {
+    pub encapped_key: EncappedKey,
+    pub text: CipherText,
+    pub tag: Tag,
+}
+
+#[derive(Serialize, Deserialize)]
+pub struct Tag(AeadTag<Aead>);
+
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
+pub struct PublicKey(<Kem as hpke::Kem>::PublicKey);
+
+// NOTE: Arc is used to hack up the fact that the internal private key does not have Send constraint.
+#[derive(Clone, PartialEq, Eq, Serialize, Deserialize)]
+pub struct SecretKey(<Kem as hpke::Kem>::PrivateKey);
+
+#[derive(Clone, Serialize, Deserialize)]
+pub struct EncappedKey(<Kem as hpke::Kem>::EncappedKey);
+
+// Series of bytes that have been previously encoded/encrypted.
+pub type CipherText = Vec<u8>;
+
+impl PublicKey {
+    pub fn to_bytes(&self) -> [u8; 32] {
+        hpke::Serializable::to_bytes(&self.0).into()
+    }
+
+    pub fn try_from_bytes(bytes: &[u8]) -> Result<Self, hpke::HpkeError> {
+        Ok(Self(hpke::Deserializable::from_bytes(bytes)?))
+    }
+
+    /// Assumes the bytes are correctly formatted.
+    pub fn from_bytes(bytes: &[u8]) -> Self {
+        Self::try_from_bytes(bytes).expect("invalid bytes")
+    }
+
+    pub fn encrypt(&self, msg: &[u8], associated_data: &[u8]) -> Result<Ciphered, hpke::HpkeError> {
+        let mut csprng = <rand::rngs::StdRng as rand::SeedableRng>::from_entropy();
+
+        // Encapsulate a key and use the resulting shared secret to encrypt a message. The AEAD context
+        // is what you use to encrypt.
+        let (encapped_key, mut sender_ctx) = hpke::setup_sender::<Aead, Kdf, Kem, _>(
+            &hpke::OpModeS::Base,
+            &self.0,
+            INFO_ENTROPY,
+            &mut csprng,
+        )?;
+
+        // On success, seal_in_place_detached() will encrypt the plaintext in place
+        let mut ciphertext = msg.to_vec();
+        let tag = sender_ctx.seal_in_place_detached(&mut ciphertext, associated_data)?;
+        Ok(Ciphered {
+            encapped_key: EncappedKey(encapped_key),
+            text: ciphertext,
+            tag: Tag(tag),
+        })
+    }
+}
+
+impl BorshSerialize for PublicKey {
+    fn serialize<W: std::io::Write>(&self, writer: &mut W) -> std::io::Result<()> {
+        BorshSerialize::serialize(&self.to_bytes(), writer)
+    }
+}
+
+impl BorshDeserialize for PublicKey {
+    fn deserialize(buf: &mut &[u8]) -> std::io::Result<Self> {
+        Ok(Self::from_bytes(
+            &<Vec<u8> as BorshDeserialize>::deserialize(buf)?,
+        ))
+    }
+}
+
+impl SecretKey {
+    pub fn to_bytes(&self) -> [u8; 32] {
+        hpke::Serializable::to_bytes(&self.0).into()
+    }
+
+    pub fn try_from_bytes(bytes: &[u8]) -> Result<Self, hpke::HpkeError> {
+        Ok(Self(hpke::Deserializable::from_bytes(bytes)?))
+    }
+
+    pub fn decrypt(
+        &self,
+        cipher: &Ciphered,
+        associated_data: &[u8],
+    ) -> Result<Vec<u8>, hpke::HpkeError> {
+        // Decapsulate and derive the shared secret. This creates a shared AEAD context.
+        let mut receiver_ctx = hpke::setup_receiver::<Aead, Kdf, Kem>(
+            &OpModeR::Base,
+            &self.0,
+            &cipher.encapped_key.0,
+            INFO_ENTROPY,
+        )?;
+
+        // On success, open_in_place_detached() will decrypt the ciphertext in place
+        let mut plaintext = cipher.text.to_vec();
+        receiver_ctx.open_in_place_detached(&mut plaintext, associated_data, &cipher.tag.0)?;
+        Ok(plaintext)
+    }
+
+    /// Get the public key associated with this secret key.
+    pub fn public_key(&self) -> PublicKey {
+        PublicKey(<Kem as hpke::Kem>::sk_to_pk(&self.0))
+    }
+}
+
+pub fn generate() -> (SecretKey, PublicKey) {
+    let mut csprng = <rand::rngs::StdRng as rand::SeedableRng>::from_entropy();
+    let (sk, pk) = <Kem as hpke::Kem>::gen_keypair(&mut csprng);
+    (SecretKey(sk), PublicKey(pk))
+}
+
+#[cfg(test)]
+mod tests {
+    #[test]
+    fn test_encrypt_decrypt() {
+        let (sk, pk) = super::generate();
+        let msg = b"hello world";
+        let associated_data = b"associated data";
+
+        let cipher = pk.encrypt(msg, associated_data).unwrap();
+        let decrypted = sk.decrypt(&cipher, associated_data).unwrap();
+
+        assert_eq!(msg, &decrypted[..]);
+    }
+
+    #[test]
+    fn test_serialization_format() {
+        let sk_hex = "cf3df427dc1377914349b592cfff8deb4b9f8ab1cc4baa8e8e004b6502ac1ca0";
+        let pk_hex = "0e6d143bff1d67f297ac68cb9be3667e38f1dc2b244be48bf1d6c6bd7d367c3c";
+
+        let sk = super::SecretKey::try_from_bytes(&hex::decode(sk_hex).unwrap()).unwrap();
+        let pk = super::PublicKey::try_from_bytes(&hex::decode(pk_hex).unwrap()).unwrap();
+        assert_eq!(sk.public_key(), pk);
+    }
+}

keys/src/lib.rs

@@ -0,0 +1,24 @@
+#[cfg(not(feature = "wasm"))]
+pub mod hpke;
+
+#[cfg(feature = "wasm")]
+pub mod hpke {
+    use borsh::{self, BorshDeserialize, BorshSerialize};
+    use serde::{Deserialize, Serialize};
+
+    /// HPKE public key interface for wasm contracts
+    #[derive(
+        Clone,
+        Debug,
+        Hash,
+        PartialEq,
+        Eq,
+        PartialOrd,
+        Ord,
+        Serialize,
+        Deserialize,
+        BorshSerialize,
+        BorshDeserialize,
+    )]
+    pub struct PublicKey([u8; 32]);
+}