crypter in app

[Evanfeenstra]

Let's wrap up ecdh and chacha20poly1305 in a rust binary and put it inside Swift and Kotlin! First thing to do with this is securely pass the VLS seed from the phone to the hardware.

• Phone generates a sepc256k keypair (using swift/kotlin)
• Hardware generates a secp256k1 keypair
• app posts its key via http, and receives the hardware's key
• both sides generate a shared secret using ecdh (using the Rust plugin)
• app generates the 32-byte VLS seed
• app encrypts the seed with the secret using chacha20poly1305 (using the Rust plugin)
• app sends the encrypted seed to the hardware (also the home wifi, password, and broker url)
• hardware decrypts the seed, and stores it! (along with the other info)

blogs about Rust-on-mobile:

• swift: https://betterprogramming.pub/from-rust-to-swift-df9bde59b7cd
• kotlin: https://towardsdev.com/kotlin-native-and-rust-interoperability-b7b736c7fc0a (maybe better tutorials out there)

@tomastiminskas what do you know about wrapping Rust inside swift/kotlin?

[Evanfeenstra]

@tomastiminskas here are some assets to try getting running on kotlin. I used the UniFFI project to generate Kotlin bindings. Not sure how to load the binaries into Kotlin... here's a link https://mozilla.github.io/uniffi-rs/kotlin/gradle.html (but i dont think u need to integrate "compile time bindings" like that link explains, since we already have the bindings here:

Generated kotlin bindings: https://github.com/stakwork/sphinx-key/blob/master/crypter-ffi/src/uniffi/crypter/crypter.kt

[Evanfeenstra]

ok @tomastiminskas here are the binaries for android: https://github.com/stakwork/sphinx-key/releases/tag/v0.1.1

Here you can see the methods and test: https://github.com/stakwork/sphinx-key/blob/master/crypter-ffi/src/lib.rs

Here's an example of someone using UniFFI on android: https://github.com/imWildCat/uniffi-rs-fullstack-examples/tree/main/hello/platforms/android/UniffiRustExample

let me know how it goes!

[Evanfeenstra]

@tomastiminskas for ios there is a universal-crypter.a attached to the release, and here you can find crypter.swift, crypterFFI.h, and crypterFFI.modulemap files https://github.com/stakwork/sphinx-key/tree/master/crypter-ffi/src (not sure what files are needed for ios)

[Evanfeenstra]

@tomastiminskas i made a little hardware emulator server to test the seed passing process. You can install Rust and in this repo run cargo run --bin config-server, then test from the app:

1. create a keypair and random 8-byte nonce on the phone
2. create the 32-byte seed
3. GET /ecdh returns {"pubkey": "xxx"} that can be used to create the shared secret.
4. encrypt the seed with the shared secret
5. create a body like this:

   {
   seed: "encrypted_seed",
   ssid: "xxx",
   pass: "xxx",
   broker: "xxx",
   pubkey: "my_ecdh_pubkey",
   network: "regtest",
   }

6. stringify the body (like JSON.stringify)
7. POST /config?config=STRINGIFIED_BODY
8. you should see the decrypted seed printed in the config-server logs