chore: got tests to work

BTC-2047

TICKET: BTC-2047

feat(utxo-core): cleaned up comments

TICKET: BTC-2047

chore(utxo-core): added bitcoinjs-message to deps and fixed import

TICKET: BTC-2047

Author: davidkaplanbitgo

modules/utxo-core/package.json

@@ -54,7 +54,8 @@
     "@bitgo/unspents": "^0.47.21",
     "@bitgo/utxo-lib": "^11.3.0",
     "@bitgo/wasm-miniscript": "2.0.0-beta.7",
-    "bip174": "npm:@bitgo-forks/[email protected]"
+    "bip174": "npm:@bitgo-forks/[email protected]",
+    "bitcoinjs-message": "npm:@bitgo-forks/[email protected]"
   },
   "gitHead": "18e460ddf02de2dbf13c2aa243478188fb539f0c"
 }

modules/utxo-core/src/paygo/psbt/PayGoUtils.ts

@@ -1,7 +1,5 @@
+import * as utxolib from '@bitgo/utxo-lib';
 import * as bitcoinMessage from 'bitcoinjs-message';
-import { crypto } from 'bitcoinjs-lib';
-import { networks, bitgo } from '@bitgo/utxo-lib';
-import { toBase58Check } from '@bitgo/utxo-lib/src/address';
 
 import { extractAddressBufferFromPayGoAttestationProof } from '../ExtractAddressPayGoAttestation';
 
@@ -14,11 +12,16 @@ import { extractAddressBufferFromPayGoAttestationProof } from '../ExtractAddress
  * @param outputIndex - the index of the address in our output
  * @param sig - the signature that we want to encode
  */
-export function addPaygoAddressProof(psbt: bitgo.UtxoPsbt, outputIndex: number, sig: Buffer, pub: Buffer): void {
+export function addPaygoAddressProof(
+  psbt: utxolib.bitgo.UtxoPsbt,
+  outputIndex: number,
+  sig: Buffer,
+  pub: Buffer
+): void {
   psbt.addProprietaryKeyValToOutput(outputIndex, {
     key: {
-      identifier: bitgo.PSBT_PROPRIETARY_IDENTIFIER,
-      subtype: bitgo.ProprietaryKeySubtype.PAYGO_ADDRESS_ATTESTATION_PROOF,
+      identifier: utxolib.bitgo.PSBT_PROPRIETARY_IDENTIFIER,
+      subtype: utxolib.bitgo.ProprietaryKeySubtype.PAYGO_ADDRESS_ATTESTATION_PROOF,
       keydata: pub,
     },
     value: sig,
@@ -33,10 +36,15 @@ export function addPaygoAddressProof(psbt: bitgo.UtxoPsbt, outputIndex: number,
  * @param message - The message we want to verify corresponding to sig
  * @returns
  */
-export function verifyPaygoAddressProof(psbt: bitgo.UtxoPsbt, outputIndex: number, message: Buffer): void {
+export function verifyPaygoAddressProof(
+  psbt: utxolib.bitgo.UtxoPsbt,
+  outputIndex: number,
+  message: Buffer,
+  attestationPubKey: Buffer
+): void {
   const stored = psbt.getOutputProprietaryKeyVals(outputIndex, {
-    identifier: bitgo.PSBT_PROPRIETARY_IDENTIFIER,
-    subtype: bitgo.ProprietaryKeySubtype.PAYGO_ADDRESS_ATTESTATION_PROOF,
+    identifier: utxolib.bitgo.PSBT_PROPRIETARY_IDENTIFIER,
+    subtype: utxolib.bitgo.ProprietaryKeySubtype.PAYGO_ADDRESS_ATTESTATION_PROOF,
   });
   if (!stored) {
     throw new Error(`No address proof.`);
@@ -51,21 +59,37 @@ export function verifyPaygoAddressProof(psbt: bitgo.UtxoPsbt, outputIndex: numbe
 
   const signature = stored[0].value;
   const pub = stored[0].key.keydata;
+
+  // Check that the keydata pubkey is the same as the one we are verifying against
+  if (Buffer.compare(pub, attestationPubKey) !== 0) {
+    throw new Error('The public key in the PSBT does not match the provided public key.');
+  }
+
   // It doesn't matter that this is bitcoin or not, we just need to convert the public key buffer into an address format
   // for the verification
-  const messageToVerify = toBase58Check(crypto.hash160(pub), networks.bitcoin.pubKeyHash, networks.bitcoin);
+  const messageToVerify = utxolib.address.toBase58Check(
+    utxolib.crypto.hash160(pub),
+    utxolib.networks.bitcoin.pubKeyHash,
+    utxolib.networks.bitcoin
+  );
 
-  if (!bitcoinMessage.verify(message, messageToVerify, signature)) {
+  if (!bitcoinMessage.verify(message, messageToVerify, signature, utxolib.networks.bitcoin.messagePrefix)) {
     throw new Error('Cannot verify the paygo address signature with the provided pubkey.');
   }
-  // We should be verifying the address that was encoded into our message, not from our transaction output.
-  // We already do this because our message should be signed with our address
-  // which is the same one we used to verify the authenticity of the message given its signature as well.
-  const addressFromProof = extractAddressBufferFromPayGoAttestationProof(message);
+  // We should be verifying the address that was encoded into our message.
+  const addressFromProof = extractAddressBufferFromPayGoAttestationProof(message).toString();
+
+  // Check that the address from the proof matches what is in the PSBT
+  const txOutputs = psbt.txOutputs;
+  if (outputIndex >= txOutputs.length) {
+    throw new Error(`Output index ${outputIndex} is out of bounds for PSBT outputs.`);
+  }
+  const output = txOutputs[outputIndex];
+  const addressFromOutput = utxolib.address.fromOutputScript(output.script, psbt.network);
 
-  if (Buffer.compare(addressFromProof, Buffer.from(messageToVerify)) !== 0) {
+  if (addressFromProof !== addressFromOutput) {
     throw new Error(
-      `The address from the output (${messageToVerify}) does not match the address that is in the proof (${addressFromProof}).`
+      `The address from the output (${addressFromOutput}) does not match the address that is in the proof (${addressFromProof}).`
     );
   }
 }
@@ -77,11 +101,11 @@ export function verifyPaygoAddressProof(psbt: bitgo.UtxoPsbt, outputIndex: numbe
  * @param psbt
  * @returns number - the index of the output address
  */
-export function getPaygoAddressProofOutputIndex(psbt: bitgo.UtxoPsbt): number | undefined {
+export function getPaygoAddressProofOutputIndex(psbt: utxolib.bitgo.UtxoPsbt): number | undefined {
   const res = psbt.data.outputs.flatMap((output, outputIndex) => {
-    const proprietaryKeyVals = bitgo.getPsbtOutputProprietaryKeyVals(output, {
-      identifier: bitgo.PSBT_PROPRIETARY_IDENTIFIER,
-      subtype: bitgo.ProprietaryKeySubtype.PAYGO_ADDRESS_ATTESTATION_PROOF,
+    const proprietaryKeyVals = utxolib.bitgo.getPsbtOutputProprietaryKeyVals(output, {
+      identifier: utxolib.bitgo.PSBT_PROPRIETARY_IDENTIFIER,
+      subtype: utxolib.bitgo.ProprietaryKeySubtype.PAYGO_ADDRESS_ATTESTATION_PROOF,
     });
 
     if (proprietaryKeyVals.length > 1) {
@@ -94,6 +118,6 @@ export function getPaygoAddressProofOutputIndex(psbt: bitgo.UtxoPsbt): number |
   return res.length === 0 ? undefined : res[0];
 }
 
-export function psbtOutputIncludesPaygoAddressProof(psbt: bitgo.UtxoPsbt): boolean {
+export function psbtOutputIncludesPaygoAddressProof(psbt: utxolib.bitgo.UtxoPsbt): boolean {
   return getPaygoAddressProofOutputIndex(psbt) !== undefined;
 }

modules/utxo-core/test/paygo/psbt/PayGoUtils.ts

@@ -1,10 +1,10 @@
 import assert from 'assert';
 
+import * as utxolib from '@bitgo/utxo-lib';
 import * as bitcoinMessage from 'bitcoinjs-message';
 import { decodeProprietaryKey } from 'bip174/src/lib/proprietaryKeyVal';
 import { KeyValue } from 'bip174/src/lib/interfaces';
 import { checkForOutput } from 'bip174/src/lib/utils';
-import { bitgo, networks, testutil, bip32, crypto, address } from '@bitgo/utxo-lib';
 
 import {
   addPaygoAddressProof,
@@ -15,37 +15,42 @@ import {
 import { generatePayGoAttestationProof } from '../../../src/testutil/generatePayGoAttestationProof.utils';
 
 // To construct our PSBTs
-const network = networks.bitcoin;
-const keys = [1, 2, 3].map((v) => bip32.fromSeed(Buffer.alloc(16, `test/2/${v}`), network));
-const rootWalletKeys = new bitgo.RootWalletKeys([keys[0], keys[1], keys[2]]);
-const psbtInputs = testutil.inputScriptTypes.map((scriptType) => ({ scriptType, value: BigInt(1000) }));
-const psbtOutputs = testutil.outputScriptTypes.map((scriptType) => ({ scriptType, value: BigInt(900) }));
-const dummyPub1 = rootWalletKeys.deriveForChainAndIndex(50, 200);
+const network = utxolib.networks.bitcoin;
+const keys = [1, 2, 3].map((v) => utxolib.bip32.fromSeed(Buffer.alloc(16, `test/2/${v}`), network));
+const rootWalletKeys = new utxolib.bitgo.RootWalletKeys([keys[0], keys[1], keys[2]]);
+
+// PSBT INPUTS AND OUTPUTS
+const psbtInputs = utxolib.testutil.inputScriptTypes.map((scriptType) => ({
+  scriptType,
+  value: BigInt(1000),
+}));
+const psbtOutputs = utxolib.testutil.outputScriptTypes.map((scriptType) => ({
+  scriptType,
+  value: BigInt(900),
+}));
+
 // wallet pub and priv key for tbtc
+const dummyPub1 = rootWalletKeys.deriveForChainAndIndex(50, 200);
 const attestationPubKey = dummyPub1.user.publicKey;
 const attestationPrvKey = dummyPub1.user.privateKey!;
-// const attestationPubKey =
-//   'xpub661MyMwAqRbcFU2Qx7pvGmmiQpVj8NcR7dSVpgqNChMkQyobpVWWERcrTb47WicmXwkhAY2VrC3hb29s18FDQWJf5pLm3saN6uLXAXpw1GV';
-// const attestationPrvKey = '3FlzrW1WuPbab2GWGyx+k/pHUNefDlw3SV0NQHLrWA+YEzqbvEQmosFGXMslYqtgpeIy6HiEoEvKzbNKM7yGY8GQHv7E++/sQRFDprOyklaW7GVyC2yEZe/LdaEfBvxf2VHBmu2hYubjsdHYF5+RQ3FhnyaNT+0=';
-// const keypair = ECPair.fromPrivateKey(Buffer.from(attestationPrvKey));
 
 // UUID structure
 const nilUUID = '00000000-0000-0000-0000-000000000000';
 
 // our xpub converted to base58 address
-const addressFromPubkey = address.toBase58Check(
-  crypto.hash160(Buffer.from(attestationPubKey)),
-  networks.bitcoin.pubKeyHash,
-  networks.bitcoin
+const addressToVerify = utxolib.address.toBase58Check(
+  utxolib.crypto.hash160(Buffer.from(dummyPub1.backup.publicKey)),
+  utxolib.networks.bitcoin.pubKeyHash,
+  utxolib.networks.bitcoin
 );
+
 // this should be retuning a Buffer
-const addressProofBuffer = generatePayGoAttestationProof(nilUUID, Buffer.from(addressFromPubkey));
+const addressProofBuffer = generatePayGoAttestationProof(nilUUID, Buffer.from(addressToVerify));
 // signature with the given msg addressProofBuffer
-// console.log(attestationPrvKey)
-const sig = bitcoinMessage.sign(addressProofBuffer, attestationPrvKey!);
+const sig = bitcoinMessage.sign(addressProofBuffer, attestationPrvKey!, true, network.messagePrefix);
 
 function getTestPsbt() {
-  return testutil.constructPsbt(psbtInputs, psbtOutputs, network, rootWalletKeys, 'unsigned');
+  return utxolib.testutil.constructPsbt(psbtInputs, psbtOutputs, network, rootWalletKeys, 'unsigned');
 }
 
 describe('addPaygoAddressProof and verifyPaygoAddressProof', () => {
@@ -56,8 +61,8 @@ describe('addPaygoAddressProof and verifyPaygoAddressProof', () => {
       })
       .filter((keyValue) => {
         return (
-          keyValue.key.identifier === bitgo.PSBT_PROPRIETARY_IDENTIFIER &&
-          keyValue.key.subtype === bitgo.ProprietaryKeySubtype.PAYGO_ADDRESS_ATTESTATION_PROOF
+          keyValue.key.identifier === utxolib.bitgo.PSBT_PROPRIETARY_IDENTIFIER &&
+          keyValue.key.subtype === utxolib.bitgo.ProprietaryKeySubtype.PAYGO_ADDRESS_ATTESTATION_PROOF
         );
       });
   }
@@ -70,16 +75,17 @@ describe('addPaygoAddressProof and verifyPaygoAddressProof', () => {
     const proofInPsbt = getPaygoProprietaryKey(output.unknownKeyVals!);
     assert(proofInPsbt.length === 1);
     assert.throws(
-      () => verifyPaygoAddressProof(psbt, 0, Buffer.from('Random Signed Message')),
+      () => verifyPaygoAddressProof(psbt, 0, Buffer.from('Random Signed Message'), attestationPubKey),
       (e: any) => e.message === 'Cannot verify the paygo address signature with the provided pubkey.'
     );
   });
 
   it('should add and verify a valid paygo address proof on the PSBT', () => {
-    const outputIndex = 0;
     const psbt = getTestPsbt();
+    psbt.addOutput({ script: utxolib.address.toOutputScript(addressToVerify, network), value: BigInt(10000) });
+    const outputIndex = psbt.data.outputs.length - 1;
     addPaygoAddressProof(psbt, outputIndex, sig, Buffer.from(attestationPubKey));
-    verifyPaygoAddressProof(psbt, outputIndex, Buffer.from(addressProofBuffer));
+    verifyPaygoAddressProof(psbt, outputIndex, Buffer.from(addressProofBuffer), attestationPubKey);
   });
 
   it('should throw an error if there are multiple PayGo proprietary keys in the PSBT', () => {
@@ -92,7 +98,7 @@ describe('addPaygoAddressProof and verifyPaygoAddressProof', () => {
     assert(proofInPsbt.length !== 0);
     assert(proofInPsbt.length > 1);
     assert.throws(
-      () => verifyPaygoAddressProof(psbt, outputIndex, addressProofBuffer),
+      () => verifyPaygoAddressProof(psbt, outputIndex, addressProofBuffer, attestationPubKey),
       (e: any) => e.message === 'There are multiple paygo address proofs encoded in the PSBT. Something went wrong.'
     );
   });
@@ -102,7 +108,7 @@ describe('verifyPaygoAddressProof', () => {
   it('should throw an error if there is no PayGo address in PSBT', () => {
     const psbt = getTestPsbt();
     assert.throws(
-      () => verifyPaygoAddressProof(psbt, 0, addressProofBuffer),
+      () => verifyPaygoAddressProof(psbt, 0, addressProofBuffer, attestationPubKey),
       (e: any) => e.message === 'There is no paygo address proof encoded in the PSBT at output 0.'
     );
   });

modules/utxo-lib/src/bitgo/zcash/address.ts

@@ -23,7 +23,7 @@ export function toBase58Check(hash: Buffer, version: number): string {
 }
 
 export function fromOutputScript(outputScript: Buffer, network: Network): string {
-  assert(isZcash(network));
+  assert.ok(isZcash(network));
   let o;
   let prefix;
   try {
@@ -41,7 +41,7 @@ export function fromOutputScript(outputScript: Buffer, network: Network): string
 }
 
 export function toOutputScript(address: string, network: Network): Buffer {
-  assert(isZcash(network));
+  assert.ok(isZcash(network));
   const { version, hash } = fromBase58Check(address);
   if (version === network.pubKeyHash) {
     return payments.p2pkh({ hash }).output as Buffer;