chore: wip added functions and tests

TICKET: BTC-2047

Author: christopher-fong

modules/utxo-lib/src/bitgo/PsbtUtil.ts

@@ -15,7 +15,7 @@ export enum ProprietaryKeySubtype {
   MUSIG2_PARTICIPANT_PUB_KEYS = 0x01,
   MUSIG2_PUB_NONCE = 0x02,
   MUSIG2_PARTIAL_SIG = 0x03,
-  PAYGO_ADDRESS_PROOF = 0x04,
+  PAYGO_ADDRESS_ATTESTATION_PROOF = 0x04,
 }
 
 /**

modules/utxo-lib/src/bitgo/UtxoPsbt.ts

@@ -1148,6 +1148,8 @@ export class UtxoPsbt<Tx extends UtxoTransaction<bigint> = UtxoTransaction<bigin
    * Default identifier is utf-8 for identifier
    */
   addProprietaryKeyValToOutput(outputIndex: number, keyValueData: ProprietaryKeyValue): this {
+    const output = checkForOutput(this.data.outputs, outputIndex);
+    assert(output.unknownKeyVals);
     return this.addUnknownKeyValToOutput(outputIndex, {
       key: encodeProprietaryKey(keyValueData.key),
       value: keyValueData.value

modules/utxo-lib/src/bitgo/psbt/paygoAddressProof.ts

@@ -1,12 +1,17 @@
+import * as assert from 'assert';
 import * as bitcoinMessage from 'bitcoinjs-message';
 import { crypto } from 'bitcoinjs-lib';
 
+import { address } from '../..';
 import { networks } from '../../networks';
 import { toBase58Check } from '../../address';
 import { getPsbtOutputProprietaryKeyVals, ProprietaryKeySubtype, PSBT_PROPRIETARY_IDENTIFIER } from '../PsbtUtil';
 import { UtxoPsbt } from '../UtxoPsbt';
 
-/**
+/** The function consumes the signature as a parameter and adds the PayGo address to the 
+ * PSBT output at the output index where the signature is of the format:
+ * 0x18Bitcoin Signed Message:\n<varint_length><ENTROPY><ADDRESS><UUID> signed by
+ * the HSM beforehand.
  *
  * @param psbt - PSBT that we need to encode our paygo address into
  * @param outputIndex - the index of the address in our output
@@ -16,7 +21,7 @@ export function addPaygoAddressProof(psbt: UtxoPsbt, outputIndex: number, sig: B
   psbt.addProprietaryKeyValToOutput(outputIndex, {
     key: {
       identifier: PSBT_PROPRIETARY_IDENTIFIER,
-      subtype: ProprietaryKeySubtype.PAYGO_ADDRESS_PROOF,
+      subtype: ProprietaryKeySubtype.PAYGO_ADDRESS_ATTESTATION_PROOF,
       keydata: Buffer.from(pub)
     },
     value: sig,
@@ -33,29 +38,38 @@ export function addPaygoAddressProof(psbt: UtxoPsbt, outputIndex: number, sig: B
 export function verifyPaygoAddressProof(psbt: UtxoPsbt, outputIndex: number, pub: Buffer): void {
   const stored = psbt.getOutputProprietaryKeyVals(outputIndex, {
     identifier: PSBT_PROPRIETARY_IDENTIFIER,
-    subtype: ProprietaryKeySubtype.PAYGO_ADDRESS_PROOF,
+    subtype: ProprietaryKeySubtype.PAYGO_ADDRESS_ATTESTATION_PROOF,
   });
   if (!stored) {
     throw new Error('No address proof');
   }
 
   // assert stored length is 0 or 1
   if (stored.length === 0) {
-    throw new Error('There is no paygo address proof encoded in the PSBT.');
+    throw new Error(`There is no paygo address proof encoded in the PSBT at output ${outputIndex}.`);
   } else if (stored.length > 1) {
     throw new Error('There are multiple paygo address proofs encoded in the PSBT. Something went wrong.');
   }
 
   const signature = stored[0].value;
   // It doesn't matter that this is bitcoin or not, we just need to convert the public key buffer into an address format
   // for the verification
-  const verifyingAddress = toBase58Check(crypto.hash160(pub), networks.bitcoin.pubKeyHash, networks.bitcoin);
+  const messageToVerify = toBase58Check(crypto.hash160(pub), networks.bitcoin.pubKeyHash, networks.bitcoin);
 
   // TODO: need to figure out what the message is in this context
   // Are we verifying the address of the PayGo? we can call getAddressFromScript given output index.
-  if (!bitcoinMessage.verify(message, verifyingAddress, signature)) {
+  if (!bitcoinMessage.verify(message, messageToVerify, signature)) {
     throw new Error('Cannot verify the paygo address signature with the provided pubkey.');
   }
+
+  const out = psbt.txOutputs[outputIndex];
+  assert(out);
+  const addressFromOutput = address.fromOutputScript(out.script, psbt.network);
+  const addressFromProof = extractAddressFromPayGoAttestationProof(message, addressFromOutput.length);
+  
+  if (addressFromProof !== addressFromOutput) {
+    throw new Error(`The address from the output (${addressFromOutput}) does not match the address that is in the proof (${addressFromProof}).`)
+  }
 }
 
 /** Get the output index of the paygo output if there is one. It does this by
@@ -65,11 +79,11 @@ export function verifyPaygoAddressProof(psbt: UtxoPsbt, outputIndex: number, pub
  * @param psbt
  * @returns number - the index of the output address
  */
-export function getPaygoAddressProofIndex(psbt: UtxoPsbt): number | undefined {
+export function getPaygoAddressProofOutputIndex(psbt: UtxoPsbt): number | undefined {
   const res = psbt.data.outputs.flatMap((output, outputIndex) => {
     const proprietaryKeyVals = getPsbtOutputProprietaryKeyVals(output, {
       identifier: PSBT_PROPRIETARY_IDENTIFIER,
-      subtype: ProprietaryKeySubtype.PAYGO_ADDRESS_PROOF,
+      subtype: ProprietaryKeySubtype.PAYGO_ADDRESS_ATTESTATION_PROOF,
     });
 
     return proprietaryKeyVals.length === 0 ? [] : [outputIndex];
@@ -78,6 +92,6 @@ export function getPaygoAddressProofIndex(psbt: UtxoPsbt): number | undefined {
   return res.length === 0 ? undefined : res[0];
 }
 
-export function psbtIncludesPaygoAddressProof(psbt: UtxoPsbt): boolean {
-  return getPaygoAddressProofIndex(psbt) !== undefined;
+export function psbtOutputIncludesPaygoAddressProof(psbt: UtxoPsbt): boolean {
+  return getPaygoAddressProofOutputIndex(psbt) !== undefined;
 }

modules/utxo-lib/src/testutil/psbt.ts

@@ -261,3 +261,26 @@ export function verifyFullySignedSignatures(
     }
   });
 }
+
+/** We generate the PayGo attestation proof based on the private key, UUID, and address of our PayGo.
+ * We create a random entropy of 64 bytes encoded to base58 and used to create the attestation proof
+ * in the format 0x18Bitcoin Signed Message:\n<varint_length><ENTROPY><ADDRESS><UUID>
+ * 
+ * @param attestationPrvKey 
+ * @param uuid 
+ * @param address 
+ */
+export function generatePayGoAttestationProof(attestationPrvKey: Buffer, uuid: string, address: Buffer): Buffer {
+  // This is our prefix to our bitcoin signed message
+  const prefixByte = Buffer.from([0x18]);
+  const signedMessagePrefix = Buffer.from('Bitcoin Signed Message:\n', 'utf8');
+  // We always create a 32 byte buffer array but we can implement a random
+  // function to generate between two ranges of our length of entropy
+  const entropy = Buffer.allocUnsafe(32);
+  crypto.getRandomValues(entropy);
+  const uuidToBuffer = Buffer.from(uuid, 'hex');
+  const signedMessageBufferRaw = Buffer.concat([prefixByte, signedMessagePrefix, entropy, address, uuidToBuffer]);
+  const varInt = Buffer.from([signedMessageBufferRaw.length]);
+  const fullResMessageBuffer = Buffer.concat([prefixByte, signedMessagePrefix, varInt, entropy, address, uuidToBuffer])l
+
+}

modules/utxo-lib/test/bitgo/psbt/paygoAddressProof.ts

@@ -4,24 +4,30 @@ import { KeyValue } from 'bip174/src/lib/interfaces';
 import { checkForOutput } from 'bip174/src/lib/utils';
 
 import { bip32, networks, testutil } from '../../../src'
-import { addPaygoAddressProof, verifyPaygoAddressProof, getPaygoAddressProofIndex, psbtIncludesPaygoAddressProof } from "../../../src/bitgo/psbt/paygoAddressProof";
-import { inputScriptTypes, outputScriptTypes } from '../../../src/testutil';
+import { addPaygoAddressProof, verifyPaygoAddressProof, getPaygoAddressProofOutputIndex, psbtOutputIncludesPaygoAddressProof } from "../../../src/bitgo/psbt/paygoAddressProof";
+import { generatePayGoAttestationProof, inputScriptTypes, outputScriptTypes } from '../../../src/testutil';
 import { ProprietaryKeySubtype, PSBT_PROPRIETARY_IDENTIFIER, RootWalletKeys } from '../../../src/bitgo';
 
 
 const network = networks.bitcoin;
 const keys = [1,2,3].map((v) => bip32.fromSeed(Buffer.alloc(16, `test/2/${v}`), network))
 const rootWalletKeys = new RootWalletKeys([keys[0], keys[1], keys[2]])
-const dummyKey1 = rootWalletKeys.deriveForChainAndIndex(50, 200);
+// const dummyKey1 = rootWalletKeys.deriveForChainAndIndex(50, 200);
 const dummyKey2 = rootWalletKeys.deriveForChainAndIndex(60, 201);
-const dumm1yXPubs = dummyKey1.publicKeys;
-const dummy1PubKey = dummyKey1.user.publicKey;
 
 const psbtInputs = inputScriptTypes.map((scriptType) => ({scriptType, value: BigInt(1000)}))
 const psbtOutputs = outputScriptTypes.map((scriptType) => ({ scriptType, value: BigInt(900)}))
-const sig = dummyKey1.user.privateKey!;
+// const dummy1PubKey = dummyKey1.user.publicKey;
+// This generatePayGoAttestationProof function should be returning the bitcoin signed message
 const sig2 = dummyKey2.user.privateKey!;
 
+// wallet pub and priv key for tbtc
+const attestationPubKey = "xpub661MyMwAqRbcFU2Qx7pvGmmiQpVj8NcR7dSVpgqNChMkQyobpVWWERcrTb47WicmXwkhAY2VrC3hb29s18FDQWJf5pLm3saN6uLXAXpw1GV";
+const attestationPrvKey = "red";
+const nilUUID = '00000000-0000-0000-0000-000000000000';
+const addressProofBuffer = generatePayGoAttestationProof(Buffer.from(attestationPrvKey), nilUUID, Buffer.from(address))
+
+
 function getTestPsbt() {
     return testutil.constructPsbt(
         psbtInputs, psbtOutputs, network, rootWalletKeys, 'unsigned'
@@ -33,14 +39,14 @@ describe('addPaygoAddressProof and verifyPaygoAddressProof', () => {
         return proprietaryKeyVals.map(({key, value}) => {
             return { key: decodeProprietaryKey(key), value };
         }).filter((keyValue) => {
-            return keyValue.key.identifier === PSBT_PROPRIETARY_IDENTIFIER && keyValue.key.subtype === ProprietaryKeySubtype.PAYGO_ADDRESS_PROOF
+            return keyValue.key.identifier === PSBT_PROPRIETARY_IDENTIFIER && keyValue.key.subtype === ProprietaryKeySubtype.PAYGO_ADDRESS_ATTESTATION_PROOF
         });
     }
 
     it("should fail a proof verification if the proof isn't valid", () => {
         const outputIndex = 0;
         const psbt = getTestPsbt();
-        addPaygoAddressProof(psbt, outputIndex, Buffer.from(sig), dummy1PubKey);
+        addPaygoAddressProof(psbt, outputIndex, Buffer.from(addressProofBuffer), Buffer.from(attestationPubKey));
         const output = checkForOutput(psbt.data.outputs, outputIndex);
         const proofInPsbt = getPaygoProprietaryKey(output.unknownKeyVals!);
         assert(proofInPsbt.length === 1)
@@ -50,45 +56,45 @@ describe('addPaygoAddressProof and verifyPaygoAddressProof', () => {
     it("should add and verify a valid paygo address proof on the PSBT", () => {
         const outputIndex = 0;
         const psbt = getTestPsbt();
-        addPaygoAddressProof(psbt, outputIndex, Buffer.from(sig), dummy1PubKey);
+        addPaygoAddressProof(psbt, outputIndex, Buffer.from(addressProofBuffer), Buffer.from(attestationPubKey));
         // should verify function return a boolean? that way we can assert
         // if this is verified, throws an error otherwise or false + error msg as an object
-        verifyPaygoAddressProof(psbt, outputIndex, dummy1PubKey);
+        verifyPaygoAddressProof(psbt, outputIndex, Buffer.from(attestationPubKey));
     });
 
     it("should throw an error if there are multiple PayGo proprietary keys in the PSBT", () => {
         const outputIndex = 0;
         const psbt = getTestPsbt();
-        addPaygoAddressProof(psbt, outputIndex, Buffer.from(sig), dummy1PubKey);
-        addPaygoAddressProof(psbt, outputIndex, Buffer.from(sig2), dummy1PubKey);
+        addPaygoAddressProof(psbt, outputIndex, Buffer.from(addressProofBuffer), Buffer.from(attestationPubKey));
+        addPaygoAddressProof(psbt, outputIndex, Buffer.from(sig2), Buffer.from(attestationPubKey));
         const output = checkForOutput(psbt.data.outputs, outputIndex);
         const proofInPsbt = getPaygoProprietaryKey(output.unknownKeyVals!);
         assert(proofInPsbt.length !== 0)
         assert(proofInPsbt.length <= 1)
-        assert.throws(() => verifyPaygoAddressProof(psbt, outputIndex, dummy1PubKey), (e: any) => e.message === 'There are multiple paygo address proofs encoded in the PSBT. Something went wrong.');
+        assert.throws(() => verifyPaygoAddressProof(psbt, outputIndex, Buffer.from(attestationPubKey)), (e: any) => e.message === 'There are multiple paygo address proofs encoded in the PSBT. Something went wrong.');
     });
 });
 
 
 describe('verifyPaygoAddressProof', () => {
     it('should throw an error if there is no PayGo address in PSBT', () => {
         const psbt = getTestPsbt();
-        assert.throws(() => verifyPaygoAddressProof(psbt, 0, dummy1PubKey), (e: any) => e.message === 'here is no paygo address proof encoded in the PSBT.');
+        assert.throws(() => verifyPaygoAddressProof(psbt, 0, Buffer.from(attestationPubKey)), (e: any) => e.message === 'here is no paygo address proof encoded in the PSBT.');
     });
 });
 
 describe('getPaygoAddressProofIndex', () => {
     it('should get PayGo address proof index from PSBT if there is one', () => {
         const psbt = getTestPsbt();
         const outputIndex = 0;
-        addPaygoAddressProof(psbt, outputIndex, Buffer.from(sig), dummy1PubKey);
-        assert(psbtIncludesPaygoAddressProof(psbt));
-        assert(getPaygoAddressProofIndex(psbt) === 1)
+        addPaygoAddressProof(psbt, outputIndex, Buffer.from(addressProofBuffer), Buffer.from(attestationPubKey));
+        assert(psbtOutputIncludesPaygoAddressProof(psbt));
+        assert(getPaygoAddressProofOutputIndex(psbt) === 0)
     });
 
     it("should return undefined if there is no PayGo address proof in PSBT", () => {
         const psbt = getTestPsbt();
-        assert(getPaygoAddressProofIndex(psbt) === undefined)
-        assert(!psbtIncludesPaygoAddressProof(psbt))
+        assert(getPaygoAddressProofOutputIndex(psbt) === undefined)
+        assert(!psbtOutputIncludesPaygoAddressProof(psbt))
     });
 });