fix: add support for frost signing

Author: ieow

src/interfaces.ts

@@ -1,4 +1,4 @@
-import { BNString, KeyType, Point as TkeyPoint, ShareDescriptionMap } from "@tkey/common-types";
+import { BNString, FactorEnc, KeyType, Point as TkeyPoint, ShareDescriptionMap } from "@tkey/common-types";
 import { IRemoteClientState, TKeyTSS } from "@tkey/tss";
 import type {
   AGGREGATE_VERIFIER_TYPE,
@@ -9,6 +9,7 @@ import type {
   TorusVerifierResponse,
   UX_MODE_TYPE,
 } from "@toruslabs/customauth";
+import { PointHex } from "@toruslabs/tss-client";
 // TODO: move the types to a base class for both dkls and frost in future
 import type { tssLib as TssDklsLib } from "@toruslabs/tss-dkls-lib";
 import type { tssLib as TssFrostLib } from "@toruslabs/tss-frost-lib";
@@ -472,3 +473,41 @@ export interface EthereumSigner {
   sign: (msgHash: Buffer) => Promise<EthSig>;
   getPublic: () => Promise<Buffer>;
 }
+
+type SupportedCurve = "secp256k1" | "ed25519";
+// remote signer interface
+export type RemoteDklsSignParams = {
+  factorEnc?: FactorEnc;
+  sessionId: string;
+  tssNonce: number;
+  accountNonce: string;
+  tssPubKeyHex: string;
+
+  nodeIndexes: number[];
+  tssCommits: PointHex[];
+
+  signatures: string[];
+
+  serverEndpoints: {
+    endpoints: string[];
+    tssWSEndpoints: string[];
+    partyIndexes: number[];
+  };
+
+  curve: SupportedCurve;
+};
+
+export type RemoteFrostSignParams = {
+  sessionId: string;
+  signatures: string[];
+  tssCommits: PointHex[];
+  factorEnc: FactorEnc;
+  serverXCoords: number[];
+  clientXCoord: number;
+  serverCoefficients: string[];
+  clientCoefficient: string;
+  tssPubKeyHex: string;
+  serverURLs: string[];
+
+  curve: SupportedCurve;
+};

src/mpcCoreKit.ts

@@ -2,7 +2,16 @@ import { BNString, KeyType, Point, secp256k1, SHARE_DELETED, ShareStore, Stringi
 import { CoreError } from "@tkey/core";
 import { ShareSerializationModule } from "@tkey/share-serialization";
 import { TorusStorageLayer } from "@tkey/storage-layer-torus";
-import { DELIMITERS, factorKeyCurve, getPubKeyPoint, IRemoteClientState, lagrangeInterpolation, TKeyTSS, TSSTorusServiceProvider } from "@tkey/tss";
+import {
+  DELIMITERS,
+  factorKeyCurve,
+  getPubKeyPoint,
+  IRemoteClientState,
+  lagrangeInterpolation,
+  pointToHex,
+  TKeyTSS,
+  TSSTorusServiceProvider,
+} from "@tkey/tss";
 import { KEY_TYPE, SIGNER_MAP } from "@toruslabs/constants";
 import { AGGREGATE_VERIFIER, TORUS_METHOD, TorusAggregateLoginResponse, TorusLoginResponse, UX_MODE } from "@toruslabs/customauth";
 import type { UX_MODE_TYPE } from "@toruslabs/customauth/dist/types/utils/enums";
@@ -44,6 +53,8 @@ import {
   JWTLoginParams,
   MPCKeyDetails,
   OAuthLoginParams,
+  RemoteDklsSignParams,
+  RemoteFrostSignParams,
   SessionData,
   SubVerifierDetailsParams,
   TkeyLocalStoreData,
@@ -591,7 +602,9 @@ export class Web3AuthMPCCoreKit implements ICoreKit {
     const { shareType } = createFactorParams;
 
     let { factorKey, shareDescription, additionalMetadata } = createFactorParams;
-    factorKey = factorKey ? new BN(factorKey, "hex") : undefined;
+    if (typeof factorKey === "string") {
+      factorKey = new BN(factorKey, "hex");
+    }
 
     if (!VALID_SHARE_INDICES.includes(shareType)) {
       throw CoreKitError.newShareIndexInvalid(`Invalid share type provided (${shareType}). Valid share types are ${VALID_SHARE_INDICES}.`);
@@ -670,6 +683,9 @@ export class Web3AuthMPCCoreKit implements ICoreKit {
       const sig = await this.sign_ECDSA_secp256k1(data, hashed);
       return Buffer.concat([sig.r, sig.s, Buffer.from([sig.v])]);
     } else if (this.keyType === KeyType.ed25519) {
+      if (this.state.remoteClient) {
+        return this.remoteSignFrostEd25519(data, hashed);
+      }
       return this.sign_ed25519(data, hashed);
     }
     throw CoreKitError.default(`sign not supported for key type ${this.keyType}`);
@@ -925,23 +941,27 @@ export class Web3AuthMPCCoreKit implements ICoreKit {
     }
     const { endpoints, tssWSEndpoints, partyIndexes } = generateTSSEndpoints(torusNodeTSSEndpoints, parties, clientIndex, nodeIndexes);
 
+    const accountNonce = this.tkey.computeAccountNonce(this.state.accountIndex);
     const factor = Point.fromSEC1(secp256k1, this.state.remoteClient.remoteFactorPub);
     const factorEnc = this.tKey.getFactorEncs(factor);
 
-    const data = {
-      dataRequired: {
+    const data: { remoteSignParams: RemoteDklsSignParams; msgHash: string } = {
+      remoteSignParams: {
         factorEnc,
         sessionId,
         tssNonce,
+        accountNonce: accountNonce.toString("hex"),
         nodeIndexes: nodeIndexes.slice(0, parties - 1),
-        tssCommits: tssCommits.map((commit) => commit.toJSON()),
+        tssCommits: tssCommits.map((commit) => pointToHex(commit)),
         signatures: this.signatures,
         serverEndpoints: { endpoints, tssWSEndpoints, partyIndexes },
+        tssPubKeyHex: this.state.tssPubKey.toString("hex"),
+        curve: this.tkey.tssKeyType,
       },
       msgHash: msgData.toString("hex"),
     };
 
-    const result = await post<{ data?: Record<string, string> }>(`${this.state.remoteClient.remoteClientUrl}/api/v3/mpc/sign`, data, {
+    const result = await post<{ data?: Record<string, string> }>(`${this.state.remoteClient.remoteClientUrl}/api/v3/mpc/sign/dkls`, data, {
       headers: {
         Authorization: `Bearer ${this.state.remoteClient.remoteClientToken}`,
       },
@@ -950,6 +970,76 @@ export class Web3AuthMPCCoreKit implements ICoreKit {
     return { v: parseInt(v), r: Buffer.from(r, "hex"), s: Buffer.from(s, "hex") };
   }
 
+  public async remoteSignFrostEd25519(data: Buffer, hashed: boolean = false): Promise<Buffer> {
+    if (hashed) {
+      throw CoreKitError.default("hashed data not supported for ed25519");
+    }
+
+    const nodeDetails = fetchLocalConfig(this.options.web3AuthNetwork, "ed25519");
+    if (!nodeDetails.torusNodeTSSEndpoints) {
+      throw CoreKitError.default("could not fetch tss node endpoints");
+    }
+
+    // Endpoints must end with backslash, but URLs returned by
+    // `fetch-node-details` don't have it.
+    const ED25519_ENDPOINTS = nodeDetails.torusNodeTSSEndpoints.map((ep, i) => ({ index: nodeDetails.torusIndexes[i], url: `${ep}/` }));
+
+    // Select endpoints and derive party indices.
+    const serverThreshold = Math.floor(ED25519_ENDPOINTS.length / 2) + 1;
+    const endpoints = sampleEndpoints(ED25519_ENDPOINTS, serverThreshold);
+    const serverXCoords = endpoints.map((x) => x.index);
+    const clientXCoord = Math.max(...endpoints.map((ep) => ep.index)) + 1;
+
+    // Derive share coefficients for flat hierarchy.
+    const ec = new Ed25519Curve();
+    const { serverCoefficients, clientCoefficient } = deriveShareCoefficients(ec, serverXCoords, clientXCoord, this.state.tssShareIndex);
+
+    // Get pub key.
+    const tssPubKey = await this.getPubKey();
+    const tssPubKeyPoint = ec.keyFromPublic(tssPubKey).getPublic();
+
+    // Get client key share and adjust by coefficient.
+    if (this.state.accountIndex !== 0) {
+      throw CoreKitError.default("Account index not supported for ed25519");
+    }
+
+    // Generate session identifier.
+    const tssNonce = this.getTssNonce();
+    const sessionNonce = generateSessionNonce();
+    const session = getSessionId(this.verifier, this.verifierId, this.tKey.tssTag, tssNonce, sessionNonce);
+
+    // Run signing protocol.
+
+    const serverURLs = endpoints.map((x) => x.url);
+    const tssPubKeyHex = ec.pointToBuffer(tssPubKeyPoint, Buffer).toString("hex");
+
+    const factorPub = Point.fromSEC1(secp256k1, this.state.remoteClient.remoteFactorPub);
+    const params: { remoteSignParams: RemoteFrostSignParams; msgHash: string } = {
+      remoteSignParams: {
+        sessionId: session,
+        signatures: this.signatures,
+        tssCommits: this.tKey.getTSSCommits().map((commit) => pointToHex(commit)),
+        factorEnc: this.tKey.getFactorEncs(factorPub),
+        serverXCoords,
+        clientXCoord,
+        serverCoefficients: serverCoefficients.map((sc) => sc.toString("hex")),
+        clientCoefficient: clientCoefficient.toString("hex"),
+        tssPubKeyHex,
+        serverURLs,
+        curve: this.tkey.tssKeyType,
+      },
+      msgHash: data.toString("hex"),
+    };
+
+    const result = await post<{ data?: Record<string, string> }>(`${this.state.remoteClient.remoteClientUrl}/api/v3/mpc/sign/frost`, params, {
+      headers: {
+        Authorization: `Bearer ${this.state.remoteClient.remoteClientToken}`,
+      },
+    });
+
+    return Buffer.from(result.data.signature, "hex");
+  }
+
   public updateState(newState: Partial<Web3AuthState>): void {
     this.state = { ...this.state, ...newState };
   }
@@ -966,6 +1056,8 @@ export class Web3AuthMPCCoreKit implements ICoreKit {
         }
       }
       return r;
+    } catch (e) {
+      throw e as Error;
     } finally {
       this.atomicCallStackCounter -= 1;
       if (this.atomicCallStackCounter === 0) {