Merge pull request #6392 from BitGo/BTC-2246.paygo-tostring

refactor(utxo-core): Pay Go Util functions fix

Author: christopher-fong

modules/utxo-core/src/paygo/parsePayGoAttestation.ts

@@ -3,9 +3,8 @@ import assert from 'assert';
 import { bufferutils } from '@bitgo/utxo-lib';
 
 // The signed address will always have the following structure:
-// 0x18Bitcoin Signed Message:\n<varint_length><ENTROPY><ADDRESS><UUID>
+// <varint_length><ENTROPY><ADDRESS><UUID>
 
-const PrefixLength = Buffer.from([0x18]).length + Buffer.from('Bitcoin Signed Message:\n').length;
 // UUID has the structure 00000000-0000-0000-0000-000000000000, and after
 // we Buffer.from and get it's length its 36.
 const UuidBufferLength = 36;
@@ -14,7 +13,7 @@ const EntropyLen = 64;
 
 /**
  * This function takes in the attestation proof of a PayGo address of the from
- * 0x18Bitcoin Signed Message:\n<varint_length><ENTROPY><ADDRESS><UUID> and returns
+ * <varint_length><ENTROPY><ADDRESS><UUID> and returns
  * the address given its length. It is assumed that the ENTROPY is 64 bytes in the Buffer
  * so if not given an address proof length we can still extract the address from the proof.
  *
@@ -26,13 +25,13 @@ export function parsePayGoAttestation(message: Buffer): {
   address: Buffer;
   uuid: Buffer;
 } {
-  if (message.length <= PrefixLength + EntropyLen + UuidBufferLength) {
+  if (message.length <= EntropyLen + UuidBufferLength) {
     throw new Error('PayGo attestation proof is too short to contain a valid address');
   }
 
   // This generates the first part before the varint length so that we can
   // determine how many bytes this is and iterate through the Buffer.
-  let offset = PrefixLength;
+  let offset = 0;
 
   // we decode the varint of the message which is uint32
   // https://en.bitcoin.it/wiki/Protocol_documentation

modules/utxo-core/src/paygo/psbt/payGoAddressProof.ts

@@ -19,6 +19,7 @@ import {
  * @param psbt - PSBT that we need to encode our paygo address into
  * @param outputIndex - the index of the address in our output
  * @param sig - the signature that we want to encode
+ * @param entropy - the arbitrary entropy bytes from our vasp proof
  */
 export function addPayGoAddressProof(
   psbt: utxolib.bitgo.UtxoPsbt,
@@ -40,7 +41,7 @@ export function addPayGoAddressProof(
  *
  * @param psbt - PSBT we want to verify that the paygo address is in
  * @param outputIndex - we have the output index that address is in
- * @param uuid
+ * @param verificationPubkey - the pubkey signed by the HSM to verify our message
  * @returns
  */
 export function verifyPayGoAddressProof(
@@ -76,7 +77,8 @@ export function verifyPayGoAddressProof(
   // We construct our message <ENTROPY><ADDRESS><UUID>
   const message = createPayGoAttestationBuffer(addressFromOutput, entropy, psbt.network);
 
-  if (!verifyMessage(message.toString(), verificationPubkey, signature, utxolib.networks.bitcoin)) {
+  // bip32utils.verifyMessage now takes in message as a Buffer
+  if (!verifyMessage(message, verificationPubkey, signature, utxolib.networks.bitcoin)) {
     throw new ErrorPayGoAddressProofFailedVerification();
   }
 }

modules/utxo-core/src/testutil/generatePayGoAttestationProof.utils.ts

@@ -12,11 +12,6 @@ import { bufferutils } from '@bitgo/utxo-lib';
  * @returns
  */
 export function generatePayGoAttestationProof(uuid: string, address: Buffer): Buffer {
-  // <0x18Bitcoin Signed Message:\n
-  const prefixByte = Buffer.from([0x18]);
-  const prefixMessage = Buffer.from('Bitcoin Signed Message:\n');
-  const prefixBuffer = Buffer.concat([prefixByte, prefixMessage]);
-
   // <ENTROPY>
   const entropyLength = 64;
   const entropy = crypto.randomBytes(entropyLength);
@@ -33,11 +28,7 @@ export function generatePayGoAttestationProof(uuid: string, address: Buffer): Bu
   const msgLengthBuffer = bufferutils.varuint.encode(msgLength);
 
   // <0x18Bitcoin Signed Message:\n<LENGTH><ENTROPY><ADDRESS><UUID>
-  const proofMessage = Buffer.concat([prefixBuffer, msgLengthBuffer, entropy, address, uuidBuffer]);
+  const proofMessage = Buffer.concat([msgLengthBuffer, entropy, address, uuidBuffer]);
 
-  // we sign this with the priv key
-  // don't know what sign function to call. Since this is just a mirrored function don't know if we need
-  // to include this part.
-  // const signedMsg = sign(attestationPrvKey, proofMessage);
   return proofMessage;
 }

modules/utxo-core/test/paygo/psbt/payGoAddressProof.ts

@@ -51,7 +51,7 @@ export const addressProofMsgBuffer = trimMessagePrefix(addressProofBuffer);
 export const addressProofEntropy = addressProofMsgBuffer.subarray(0, 65);
 
 // signature with the given msg addressProofBuffer
-export const sig = signMessage(addressProofMsgBuffer.toString(), attestationPrvKey!, network);
+export const sig = signMessage(addressProofMsgBuffer, attestationPrvKey!, network);
 
 function getTestPsbt() {
   return utxolib.testutil.constructPsbt(psbtInputs, psbtOutputs, network, rootWalletKeys, 'unsigned');