chore(utxo-lib): modified verify function and tests

christopher-fong · christopher-fong · commit 9f4929b548f7 · 2025-06-06T15:00:54.000-04:00
Issue: BTC-2047 TICKET: BTC-2047
diff --git a/modules/utxo-lib/src/bitgo/psbt/paygoAddressProof.ts b/modules/utxo-lib/src/bitgo/psbt/paygoAddressProof.ts
@@ -5,6 +5,7 @@ import { crypto } from 'bitcoinjs-lib';
 import { address } from '../..';
 import { networks } from '../../networks';
 import { toBase58Check } from '../../address';
+import { extractAddressBufferFromPayGoAttestationProof } from '../../bitgo/ExtractAddressPayGoAttestation';
 import { getPsbtOutputProprietaryKeyVals, ProprietaryKeySubtype, PSBT_PROPRIETARY_IDENTIFIER } from '../PsbtUtil';
 import { UtxoPsbt } from '../UtxoPsbt';
 
@@ -33,15 +34,16 @@ export function addPaygoAddressProof(psbt: UtxoPsbt, outputIndex: number, sig: B
  * @param psbt - PSBT we want to verify that the paygo address is in
  * @param outputIndex - we have the output index that address is in
  * @param pub - The public key that we want to verify the proof with
+ * @param message - The message we want to verify corresponding to sig
  * @returns
  */
-export function verifyPaygoAddressProof(psbt: UtxoPsbt, outputIndex: number, pub: Buffer): void {
+export function verifyPaygoAddressProof(psbt: UtxoPsbt, outputIndex: number, message: Buffer): void {
   const stored = psbt.getOutputProprietaryKeyVals(outputIndex, {
     identifier: PSBT_PROPRIETARY_IDENTIFIER,
     subtype: ProprietaryKeySubtype.PAYGO_ADDRESS_ATTESTATION_PROOF,
   });
   if (!stored) {
-    throw new Error('No address proof');
+    throw new Error(`No address proof.`);
   }
 
   // assert stored length is 0 or 1
@@ -52,20 +54,21 @@ export function verifyPaygoAddressProof(psbt: UtxoPsbt, outputIndex: number, pub
   }
 
   const signature = stored[0].value;
+  const pub = stored[0].key.keydata;
   // It doesn't matter that this is bitcoin or not, we just need to convert the public key buffer into an address format
   // for the verification
   const messageToVerify = toBase58Check(crypto.hash160(pub), networks.bitcoin.pubKeyHash, networks.bitcoin);
 
   // TODO: need to figure out what the message is in this context
-  // Answer: message is our <varint_length><Entropy><Address><UUID>
+  // Answer: message is our 0x18Bitcoin Signed Message:\n<varint_length><Entropy><Address><UUID>
   if (!bitcoinMessage.verify(message, messageToVerify, signature)) {
     throw new Error('Cannot verify the paygo address signature with the provided pubkey.');
   }
 
   const out = psbt.txOutputs[outputIndex];
   assert(out);
   const addressFromOutput = address.fromOutputScript(out.script, psbt.network);
-  const addressFromProof = extractAddressFromPayGoAttestationProof(message, addressFromOutput.length);
+  const addressFromProof = extractAddressBufferFromPayGoAttestationProof(message);
 
   if (addressFromProof !== addressFromOutput) {
     throw new Error(
diff --git a/modules/utxo-lib/test/bitgo/psbt/paygoAddressProof.ts b/modules/utxo-lib/test/bitgo/psbt/paygoAddressProof.ts
@@ -1,4 +1,5 @@
 import * as assert from 'assert';
+import * as bitcoinMessage from 'bitcoinjs-message';
 import { decodeProprietaryKey } from 'bip174/src/lib/proprietaryKeyVal';
 import { KeyValue } from 'bip174/src/lib/interfaces';
 import { checkForOutput } from 'bip174/src/lib/utils';
@@ -14,29 +15,31 @@ import {
   psbtOutputIncludesPaygoAddressProof,
 } from '../../../src/bitgo/psbt/paygoAddressProof';
 
+// To construct our PSBTs
 const network = networks.bitcoin;
 const keys = [1, 2, 3].map((v) => bip32.fromSeed(Buffer.alloc(16, `test/2/${v}`), network));
 const rootWalletKeys = new RootWalletKeys([keys[0], keys[1], keys[2]]);
-// const dummyKey1 = rootWalletKeys.deriveForChainAndIndex(50, 200);
-const dummyKey2 = rootWalletKeys.deriveForChainAndIndex(60, 201);
-
 const psbtInputs = inputScriptTypes.map((scriptType) => ({ scriptType, value: BigInt(1000) }));
 const psbtOutputs = outputScriptTypes.map((scriptType) => ({ scriptType, value: BigInt(900) }));
-// const dummy1PubKey = dummyKey1.user.publicKey;
-// This generatePayGoAttestationProof function should be returning the bitcoin signed message
-const sig2 = dummyKey2.user.privateKey!;
 
 // wallet pub and priv key for tbtc
 const attestationPubKey =
   'xpub661MyMwAqRbcFU2Qx7pvGmmiQpVj8NcR7dSVpgqNChMkQyobpVWWERcrTb47WicmXwkhAY2VrC3hb29s18FDQWJf5pLm3saN6uLXAXpw1GV';
-const attestationPrvKey = 'red';
+const attestationPrvKey = 'privkeyforpaygoattestationabdef12345';
+
+// UUID structure
 const nilUUID = '00000000-0000-0000-0000-000000000000';
+
+// our xpub converted to base58 address
 const address = toBase58Check(
   crypto.hash160(Buffer.from(attestationPubKey)),
   networks.bitcoin.pubKeyHash,
   networks.bitcoin
 );
+// this should be retuning a Buffer
 const addressProofBuffer = generatePayGoAttestationProof(Buffer.from(attestationPrvKey), nilUUID, address);
+// signature with the given msg addressProofBuffer
+const sig = bitcoinMessage.sign(addressProofBuffer, Buffer.from(attestationPrvKey));
 
 function getTestPsbt() {
   return testutil.constructPsbt(psbtInputs, psbtOutputs, network, rootWalletKeys, 'unsigned');
@@ -59,36 +62,34 @@ describe('addPaygoAddressProof and verifyPaygoAddressProof', () => {
   it("should fail a proof verification if the proof isn't valid", () => {
     const outputIndex = 0;
     const psbt = getTestPsbt();
-    addPaygoAddressProof(psbt, outputIndex, Buffer.from(addressProofBuffer), Buffer.from(attestationPubKey));
+    addPaygoAddressProof(psbt, outputIndex, sig, Buffer.from(attestationPubKey));
     const output = checkForOutput(psbt.data.outputs, outputIndex);
     const proofInPsbt = getPaygoProprietaryKey(output.unknownKeyVals!);
     assert(proofInPsbt.length === 1);
     assert.throws(
-      () => verifyPaygoAddressProof(psbt, 0, dummyKey2.user.publicKey),
+      () => verifyPaygoAddressProof(psbt, 0, Buffer.from('Random Signed Message')),
       (e: any) => e.message === 'Cannot verify the paygo address signature with the provided pubkey.'
     );
   });
 
   it('should add and verify a valid paygo address proof on the PSBT', () => {
     const outputIndex = 0;
     const psbt = getTestPsbt();
-    addPaygoAddressProof(psbt, outputIndex, Buffer.from(addressProofBuffer), Buffer.from(attestationPubKey));
-    // should verify function return a boolean? that way we can assert
-    // if this is verified, throws an error otherwise or false + error msg as an object
-    verifyPaygoAddressProof(psbt, outputIndex, Buffer.from(attestationPubKey));
+    addPaygoAddressProof(psbt, outputIndex, sig, Buffer.from(attestationPubKey));
+    verifyPaygoAddressProof(psbt, outputIndex, addressProofBuffer);
   });
 
   it('should throw an error if there are multiple PayGo proprietary keys in the PSBT', () => {
     const outputIndex = 0;
     const psbt = getTestPsbt();
-    addPaygoAddressProof(psbt, outputIndex, Buffer.from(addressProofBuffer), Buffer.from(attestationPubKey));
-    addPaygoAddressProof(psbt, outputIndex, Buffer.from(sig2), Buffer.from(attestationPubKey));
+    addPaygoAddressProof(psbt, outputIndex, sig, Buffer.from(attestationPubKey));
+    addPaygoAddressProof(psbt, outputIndex, Buffer.from('signature2'), Buffer.from(attestationPubKey));
     const output = checkForOutput(psbt.data.outputs, outputIndex);
     const proofInPsbt = getPaygoProprietaryKey(output.unknownKeyVals!);
     assert(proofInPsbt.length !== 0);
     assert(proofInPsbt.length <= 1);
     assert.throws(
-      () => verifyPaygoAddressProof(psbt, outputIndex, Buffer.from(attestationPubKey)),
+      () => verifyPaygoAddressProof(psbt, outputIndex, addressProofBuffer),
       (e: any) => e.message === 'There are multiple paygo address proofs encoded in the PSBT. Something went wrong.'
     );
   });
@@ -98,7 +99,7 @@ describe('verifyPaygoAddressProof', () => {
   it('should throw an error if there is no PayGo address in PSBT', () => {
     const psbt = getTestPsbt();
     assert.throws(
-      () => verifyPaygoAddressProof(psbt, 0, Buffer.from(attestationPubKey)),
+      () => verifyPaygoAddressProof(psbt, 0, addressProofBuffer),
       (e: any) => e.message === 'here is no paygo address proof encoded in the PSBT.'
     );
   });
@@ -108,7 +109,7 @@ describe('getPaygoAddressProofIndex', () => {
   it('should get PayGo address proof index from PSBT if there is one', () => {
     const psbt = getTestPsbt();
     const outputIndex = 0;
-    addPaygoAddressProof(psbt, outputIndex, Buffer.from(addressProofBuffer), Buffer.from(attestationPubKey));
+    addPaygoAddressProof(psbt, outputIndex, sig, Buffer.from(attestationPubKey));
     assert(psbtOutputIncludesPaygoAddressProof(psbt));
     assert(getPaygoAddressProofOutputIndex(psbt) === 0);
   });
@@ -122,13 +123,8 @@ describe('getPaygoAddressProofIndex', () => {
   it('should return an error and fail if we have multiple PayGo address in the PSBT in the same output index', () => {
     const psbt = getTestPsbt();
     const outputIndex = 0;
-    addPaygoAddressProof(psbt, outputIndex, Buffer.from(addressProofBuffer), Buffer.from(attestationPubKey));
-    addPaygoAddressProof(
-      psbt,
-      outputIndex,
-      Buffer.from(addressProofBuffer),
-      Buffer.from('xpub12345abcdef29a028510d3b2d4')
-    );
+    addPaygoAddressProof(psbt, outputIndex, sig, Buffer.from(attestationPubKey));
+    addPaygoAddressProof(psbt, outputIndex, sig, Buffer.from('xpub12345abcdef29a028510d3b2d4'));
     assert.throws(
       () => getPaygoAddressProofOutputIndex(psbt),
       (e: any) => e.message === 'There are multiple PayGo addresses in the PSBT output 0.'
