crypter in app
Opened this issue · 4 comments
Let's wrap up ecdh and chacha20poly1305 in a rust binary and put it inside Swift and Kotlin! First thing to do with this is securely pass the VLS seed from the phone to the hardware.
- Phone generates a secp256k1 keypair (using swift/kotlin)
- Hardware generates a secp256k1 keypair
- app posts its key via http, and receives the hardware's key
- both sides generate a shared secret using ecdh (using the Rust plugin)
- app generates the 32-byte VLS seed
- app encrypts the seed with the secret using chacha20poly1305 (using the Rust plugin)
- app sends the encrypted seed to the hardware (also the home wifi, password, and broker url)
- hardware decrypts the seed, and stores it! (along with the other info)
blogs about Rust-on-mobile:
- swift: https://betterprogramming.pub/from-rust-to-swift-df9bde59b7cd
- kotlin: https://towardsdev.com/kotlin-native-and-rust-interoperability-b7b736c7fc0a (maybe better tutorials out there)
@tomastiminskas what do you know about wrapping Rust inside swift/kotlin?
@tomastiminskas here are some assets to try getting running on kotlin. I used the UniFFI project to generate Kotlin bindings. Not sure how to load the binaries into Kotlin... here's a link https://mozilla.github.io/uniffi-rs/kotlin/gradle.html (but I don't think you need to integrate "compile time bindings" like that link explains, since we already have the bindings here):
Generated kotlin bindings: https://github.com/stakwork/sphinx-key/blob/master/crypter-ffi/src/uniffi/crypter/crypter.kt
ok @tomastiminskas here are the binaries for android: https://github.com/stakwork/sphinx-key/releases/tag/v0.1.1
Here you can see the methods and test: https://github.com/stakwork/sphinx-key/blob/master/crypter-ffi/src/lib.rs
Here's an example of someone using UniFFI on android: https://github.com/imWildCat/uniffi-rs-fullstack-examples/tree/main/hello/platforms/android/UniffiRustExample
let me know how it goes!
@tomastiminskas for ios there is a universal-crypter.a attached to the release, and here you can find crypter.swift, crypterFFI.h, and crypterFFI.modulemap files https://github.com/stakwork/sphinx-key/tree/master/crypter-ffi/src (not sure what files are needed for ios)
@tomastiminskas I made a little hardware emulator server to test the seed passing process. You can install Rust and in this repo run cargo run --bin config-server, then test from the app:
- create a keypair and random 8-byte nonce on the phone
- create the 32-byte seed
- GET /ecdh returns {"pubkey": "xxx"} that can be used to create the shared secret.
- encrypt the seed with the shared secret
- create a body like this:
{
seed: "encrypted_seed",
ssid: "xxx",
pass: "xxx",
broker: "xxx",
pubkey: "my_ecdh_pubkey",
network: "regtest",
}
- stringify the body (like JSON.stringify)
- POST /config?config=STRINGIFIED_BODY
- you should see the decrypted seed printed in the config-server logs