Web3Auth · himanshuchawla009 · Aug 22, 2024 · Aug 22, 2024 · Aug 22, 2024 · Aug 22, 2024
diff --git a/demo/redirect-flow-example/package-lock.json b/demo/redirect-flow-example/package-lock.json
diff --git a/demo/redirect-flow-example/src/App.tsx b/demo/redirect-flow-example/src/App.tsx
@@ -43,6 +43,7 @@ const coreKitInstance = new Web3AuthMPCCoreKit(
     storage: window.localStorage,
     // sessionTime: 3600, // <== can provide variable session time based on user subscribed plan
     tssLib,
+    useDkg: false
   }
 );
 

diff --git a/src/interfaces.ts b/src/interfaces.ts
@@ -79,7 +79,7 @@ export type MPCKeyDetails = {
   tssPubKey?: TkeyPoint;
 };
 
-export type OAuthLoginParams = (SubVerifierDetailsParams | AggregateVerifierLoginParams) & { importTssKey?: string; useDkg?: boolean };
+export type OAuthLoginParams = (SubVerifierDetailsParams | AggregateVerifierLoginParams) & { importTssKey?: string };
 export type UserInfo = TorusVerifierResponse & LoginWindowResponse;
 
 export interface EnableMFAParams {
@@ -407,9 +407,9 @@ export interface Web3AuthOptions {
   /**
    * Set this flag to false to generate keys on client side
    * by default keys are generated on using dkg protocol on a distributed network
-   * @defaultValue undefined
+   * @defaultValue false if keyType is ed25519, true for secp256k1 keys
    */
-  useDkg?: boolean;
+  useDKG?: boolean;
 }
 
 export type Web3AuthOptionsWithDefaults = Required<Web3AuthOptions>;

diff --git a/src/mpcCoreKit.ts b/src/mpcCoreKit.ts
@@ -55,6 +55,7 @@ import {
 import {
   deriveShareCoefficients,
   ed25519,
+  generateEd25519Seed,
   generateFactorKey,
   generateSessionNonce,
   generateTSSEndpoints,
@@ -195,6 +196,10 @@ export class Web3AuthMPCCoreKit implements ICoreKit {
     return this.options.uxMode === UX_MODE.REDIRECT;
   }
 
+  private get useDKG(): boolean {
+    return this.keyType === KeyType.ed25519 && this.options.useDKG === undefined ? false : this.options.useDKG;
+  }
+
   // RecoverTssKey only valid for user that enable MFA where user has 2 type shares :
   // TssShareType.DEVICE and TssShareType.RECOVERY
   // if the factors key provided is the same type recovery will not works
@@ -245,7 +250,7 @@ export class Web3AuthMPCCoreKit implements ICoreKit {
         locationReplaceOnRedirect: true,
         serverTimeOffset: this.options.serverTimeOffset,
         keyType: this.keyType,
-        useDkg: this.options.useDkg,
+        useDkg: this.useDKG,
       },
     });
 
@@ -366,7 +371,6 @@ export class Web3AuthMPCCoreKit implements ICoreKit {
     }
 
     const { verifier, verifierId, idToken, importTssKey } = params;
-
     this.torusSp.verifierName = verifier;
     this.torusSp.verifierId = verifierId;
 
@@ -643,7 +647,7 @@ export class Web3AuthMPCCoreKit implements ICoreKit {
    */
   public getPubKeyEd25519(): Buffer {
     const p = this.tkey.tssCurve.keyFromPublic(this.getPubKey()).getPublic();
-    return ed25519.keyFromPublic(p).getPublic();
+    return ed25519().keyFromPublic(p).getPublic();
   }
 
   public async sign(data: Buffer, hashed: boolean = false): Promise<Buffer> {
@@ -871,12 +875,24 @@ export class Web3AuthMPCCoreKit implements ICoreKit {
     return tssNonce;
   }
 
-  private async setupTkey(importTssKey?: string): Promise<void> {
+  private async setupTkey(providedImportTssKey?: string): Promise<void> {
     if (!this.state.postBoxKey) {
       throw CoreKitError.userNotLoggedIn();
     }
     const existingUser = await this.isMetadataPresent(this.state.postBoxKey);
+    let importTssKey = providedImportTssKey;
     if (!existingUser) {
+      if (!importTssKey && !this.useDKG) {
+        if (this.keyType === KeyType.ed25519) {
+          const k = generateEd25519Seed();
+          importTssKey = k.toString("hex");
+        } else if (this.keyType === KeyType.secp256k1) {
+          const k = secp256k1.genKeyPair().getPrivate();
+          importTssKey = scalarBNToBufferSEC1(k).toString("hex", 64);
+        } else {
+          throw CoreKitError.default("Unsupported key type");
+        }
+      }
       await this.handleNewUser(importTssKey);
     } else {
       if (importTssKey) {

diff --git a/src/utils.ts b/src/utils.ts
@@ -11,7 +11,26 @@ import loglevel from "loglevel";
 import { DELIMITERS, SCALAR_LEN } from "./constants";
 import { CoreKitSigner, EthereumSigner, IAsyncStorage, IStorage } from "./interfaces";
 
-export const ed25519 = new EDDSA("ed25519");
+export const ed25519 = () => {
+  return new EDDSA("ed25519");
+};
+
+/**
+ * Secure PRNG. Uses `crypto.getRandomValues`, which defers to OS.
+ */
+export function randomBytes(bytesLength = 32): Uint8Array {
+  // We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+.
+  const crypto = typeof globalThis === "object" && "crypto" in globalThis ? globalThis.crypto : undefined;
+
+  if (crypto && typeof crypto.getRandomValues === "function") {
+    return crypto.getRandomValues(new Uint8Array(bytesLength));
+  }
+  throw new Error("crypto.getRandomValues must be defined");
+}
+
+export function generateEd25519Seed() {
+  return Buffer.from(randomBytes(32));
+}
 
 export const generateFactorKey = (): { private: BN; pub: TkeyPoint } => {
   const keyPair = factorKeyCurve.genKeyPair();

diff --git a/tests/ed25519.spec.ts b/tests/ed25519.spec.ts
@@ -143,8 +143,8 @@ variable.forEach((testVariable) => {
       const msg = "hello world";
       const msgBuffer = Buffer.from(msg);
 
-      const signature = ed25519.makeSignature((await coreKitInstance.sign(msgBuffer)).toString("hex"));
-      const valid = ed25519.verify(msgBuffer, signature, coreKitInstance.getPubKeyEd25519());
+      const signature = ed25519().makeSignature((await coreKitInstance.sign(msgBuffer)).toString("hex"));
+      const valid = ed25519().verify(msgBuffer, signature, coreKitInstance.getPubKeyEd25519());
       assert(valid);
     });
   });