chore: wip paygo util functions

christopher-fong · christopher-fong · commit cd96125023aa · 2025-06-18T17:33:17.000-04:00
TICKET: BTC-2047 chore: wip adding tests for paygo address proof util functions TICKET: BTC-2047 chore: added testing and functions to get proprietary key vals from output TICKET: BTC-2047 chore: wip added functions and tests TICKET: BTC-2047
diff --git a/modules/utxo-lib/src/bitgo/UtxoPsbt.ts b/modules/utxo-lib/src/bitgo/UtxoPsbt.ts
@@ -7,7 +7,7 @@ import {
   Transaction as ITransaction,
   TransactionFromBuffer,
 } from 'bip174/src/lib/interfaces';
-import { checkForInput } from 'bip174/src/lib/utils';
+import { checkForInput, checkForOutput } from 'bip174/src/lib/utils';
 import { BufferWriter, varuint } from 'bitcoinjs-lib/src/bufferutils';
 import { SessionKey } from '@brandonblack/musig';
 import { BIP32Factory, BIP32Interface } from 'bip32';
@@ -57,6 +57,8 @@ import { getTaprootOutputKey } from '../taproot';
 import {
   getPsbtInputProprietaryKeyVals,
   getPsbtInputSignatureCount,
+  getPsbtOutputProprietaryKeyVals,
+  ProprietaryKeySearch,
   ProprietaryKeySubtype,
   PSBT_PROPRIETARY_IDENTIFIER,
 } from './PsbtUtil';
@@ -1152,6 +1154,75 @@ export class UtxoPsbt<Tx extends UtxoTransaction<bigint> = UtxoTransaction<bigin
     return this;
   }
 
+  /**
+   * Adds a proprietary key value pair to PSBT output
+   * Default identifier is utf-8 for identifier
+   */
+  addProprietaryKeyValToOutput(outputIndex: number, keyValueData: ProprietaryKeyValue): this {
+    const output = checkForOutput(this.data.outputs, outputIndex);
+    assert(output.unknownKeyVals);
+    return this.addUnknownKeyValToOutput(outputIndex, {
+      key: encodeProprietaryKey(keyValueData.key),
+      value: keyValueData.value
+    })
+  }
+
+  /**
+   * To search any data from proprietary key value against keydata in the PSBT outputs.
+   * Default identifierEncoding is utf-8 for identifier.
+   */
+  getOutputProprietaryKeyVals(outputIndex: number, keySearch?: ProprietaryKeySearch): ProprietaryKeyValue[] {
+    const output = checkForOutput(this.data.outputs, outputIndex);
+    return getPsbtOutputProprietaryKeyVals(output, keySearch);
+  }
+
+  /**
+   * Adds or updates (if exists) proprietary key value pair to PSBT output.
+   * Default identifierEncoding is utf-8 for identifier.
+   */
+  addOrUpdateProprietaryKeyValsToOutput(outputIndex: number, keyValueData: ProprietaryKeyValue): this {
+    const output = checkForOutput(this.data.outputs, outputIndex);
+    const key = encodeProprietaryKey(keyValueData.key);
+    const { value } = keyValueData;
+    if (output.unknownKeyVals?.length) {
+      const ukvIndex = output.unknownKeyVals.findIndex((ukv) => ukv.key.equals(key));
+      if (ukvIndex > -1) {
+        output.unknownKeyVals[ukvIndex] = { key, value };
+        return this;
+      }
+    }
+    this.addUnknownKeyValToOutput(outputIndex, {
+      key,
+      value,
+    });
+    return this;
+  }
+
+  /**
+   * To delete any data from proprietary key value in PSBT output.
+   * Default identifierEncoding is utf-8 for identifier.
+   */
+  deleteProprietaryKeyValsInOutput(outputIndex: number, keysToDelete?: ProprietaryKeySearch): this {
+    const output = checkForOutput(this.data.outputs, outputIndex);
+    if (!output.unknownKeyVals?.length) {
+      return this;
+    }
+    if (keysToDelete && keysToDelete.subtype === undefined && Buffer.isBuffer(keysToDelete.keydata)) {
+      throw new Error('invalid proprietary key search filter combination. subtype is required');
+    }
+    output.unknownKeyVals = output.unknownKeyVals.filter((keyValue, i) => {
+      const key = decodeProprietaryKey(keyValue.key);
+      return !(
+        keysToDelete === undefined ||
+        (keysToDelete.identifier === key.identifier &&
+          (keysToDelete.subtype === undefined ||
+            (keysToDelete.subtype === key.subtype &&
+              (!Buffer.isBuffer(keysToDelete.keydata) || keysToDelete.keydata.equals(key.keydata)))))
+      );
+    });
+    return this;
+  }
+
   private createMusig2NonceForInput(
     inputIndex: number,
     keyPair: BIP32Interface,
diff --git a/modules/utxo-lib/src/bitgo/psbt/paygoAddressProof.ts b/modules/utxo-lib/src/bitgo/psbt/paygoAddressProof.ts
@@ -0,0 +1,97 @@
+import * as assert from 'assert';
+import * as bitcoinMessage from 'bitcoinjs-message';
+import { crypto } from 'bitcoinjs-lib';
+
+import { address } from '../..';
+import { networks } from '../../networks';
+import { toBase58Check } from '../../address';
+import { getPsbtOutputProprietaryKeyVals, ProprietaryKeySubtype, PSBT_PROPRIETARY_IDENTIFIER } from '../PsbtUtil';
+import { UtxoPsbt } from '../UtxoPsbt';
+
+/** The function consumes the signature as a parameter and adds the PayGo address to the 
+ * PSBT output at the output index where the signature is of the format:
+ * 0x18Bitcoin Signed Message:\n<varint_length><ENTROPY><ADDRESS><UUID> signed by
+ * the HSM beforehand.
+ *
+ * @param psbt - PSBT that we need to encode our paygo address into
+ * @param outputIndex - the index of the address in our output
+ * @param sig - the signature that we want to encode
+ */
+export function addPaygoAddressProof(psbt: UtxoPsbt, outputIndex: number, sig: Buffer, pub: Buffer): void {
+  psbt.addProprietaryKeyValToOutput(outputIndex, {
+    key: {
+      identifier: PSBT_PROPRIETARY_IDENTIFIER,
+      subtype: ProprietaryKeySubtype.PAYGO_ADDRESS_ATTESTATION_PROOF,
+      keydata: Buffer.from(pub)
+    },
+    value: sig,
+  });
+}
+
+/** Verify the paygo address signature is valid using BitGoJs statics
+ *
+ * @param psbt - PSBT we want to verify that the paygo address is in
+ * @param outputIndex - we have the output index that address is in
+ * @param pub - The public key that we want to verify the proof with
+ * @returns
+ */
+export function verifyPaygoAddressProof(psbt: UtxoPsbt, outputIndex: number, pub: Buffer): void {
+  const stored = psbt.getOutputProprietaryKeyVals(outputIndex, {
+    identifier: PSBT_PROPRIETARY_IDENTIFIER,
+    subtype: ProprietaryKeySubtype.PAYGO_ADDRESS_ATTESTATION_PROOF,
+  });
+  if (!stored) {
+    throw new Error('No address proof');
+  }
+
+  // assert stored length is 0 or 1
+  if (stored.length === 0) {
+    throw new Error(`There is no paygo address proof encoded in the PSBT at output ${outputIndex}.`);
+  } else if (stored.length > 1) {
+    throw new Error('There are multiple paygo address proofs encoded in the PSBT. Something went wrong.');
+  }
+
+  const signature = stored[0].value;
+  // It doesn't matter that this is bitcoin or not, we just need to convert the public key buffer into an address format
+  // for the verification
+  const messageToVerify = toBase58Check(crypto.hash160(pub), networks.bitcoin.pubKeyHash, networks.bitcoin);
+
+  // TODO: need to figure out what the message is in this context
+  // Are we verifying the address of the PayGo? we can call getAddressFromScript given output index.
+  if (!bitcoinMessage.verify(message, messageToVerify, signature)) {
+    throw new Error('Cannot verify the paygo address signature with the provided pubkey.');
+  }
+
+  const out = psbt.txOutputs[outputIndex];
+  assert(out);
+  const addressFromOutput = address.fromOutputScript(out.script, psbt.network);
+  const addressFromProof = extractAddressFromPayGoAttestationProof(message, addressFromOutput.length);
+  
+  if (addressFromProof !== addressFromOutput) {
+    throw new Error(`The address from the output (${addressFromOutput}) does not match the address that is in the proof (${addressFromProof}).`)
+  }
+}
+
+/** Get the output index of the paygo output if there is one. It does this by
+ * checking if the metadata is on one of the outputs of the PSBT. If there is
+ * no paygo output, return undefined
+ *
+ * @param psbt
+ * @returns number - the index of the output address
+ */
+export function getPaygoAddressProofOutputIndex(psbt: UtxoPsbt): number | undefined {
+  const res = psbt.data.outputs.flatMap((output, outputIndex) => {
+    const proprietaryKeyVals = getPsbtOutputProprietaryKeyVals(output, {
+      identifier: PSBT_PROPRIETARY_IDENTIFIER,
+      subtype: ProprietaryKeySubtype.PAYGO_ADDRESS_ATTESTATION_PROOF,
+    });
+
+    return proprietaryKeyVals.length === 0 ? [] : [outputIndex];
+  });
+
+  return res.length === 0 ? undefined : res[0];
+}
+
+export function psbtOutputIncludesPaygoAddressProof(psbt: UtxoPsbt): boolean {
+  return getPaygoAddressProofOutputIndex(psbt) !== undefined;
+}
diff --git a/modules/utxo-lib/src/testutil/psbt.ts b/modules/utxo-lib/src/testutil/psbt.ts
@@ -261,3 +261,26 @@ export function verifyFullySignedSignatures(
     }
   });
 }
+
+/** We generate the PayGo attestation proof based on the private key, UUID, and address of our PayGo.
+ * We create a random entropy of 64 bytes encoded to base58 and used to create the attestation proof
+ * in the format 0x18Bitcoin Signed Message:\n<varint_length><ENTROPY><ADDRESS><UUID>
+ * 
+ * @param attestationPrvKey 
+ * @param uuid 
+ * @param address 
+ */
+export function generatePayGoAttestationProof(attestationPrvKey: Buffer, uuid: string, address: Buffer): Buffer {
+  // This is our prefix to our bitcoin signed message
+  const prefixByte = Buffer.from([0x18]);
+  const signedMessagePrefix = Buffer.from('Bitcoin Signed Message:\n', 'utf8');
+  // We always create a 32 byte buffer array but we can implement a random
+  // function to generate between two ranges of our length of entropy
+  const entropy = Buffer.allocUnsafe(32);
+  crypto.getRandomValues(entropy);
+  const uuidToBuffer = Buffer.from(uuid, 'hex');
+  const signedMessageBufferRaw = Buffer.concat([prefixByte, signedMessagePrefix, entropy, address, uuidToBuffer]);
+  const varInt = Buffer.from([signedMessageBufferRaw.length]);
+  const fullResMessageBuffer = Buffer.concat([prefixByte, signedMessagePrefix, varInt, entropy, address, uuidToBuffer])l
+
+}
diff --git a/modules/utxo-lib/test/bitgo/psbt/paygoAddressProof.ts b/modules/utxo-lib/test/bitgo/psbt/paygoAddressProof.ts
@@ -0,0 +1,100 @@
+import * as assert from 'assert'
+import { decodeProprietaryKey } from 'bip174/src/lib/proprietaryKeyVal';
+import { KeyValue } from 'bip174/src/lib/interfaces';
+import { checkForOutput } from 'bip174/src/lib/utils';
+
+import { bip32, networks, testutil } from '../../../src'
+import { addPaygoAddressProof, verifyPaygoAddressProof, getPaygoAddressProofOutputIndex, psbtOutputIncludesPaygoAddressProof } from "../../../src/bitgo/psbt/paygoAddressProof";
+import { generatePayGoAttestationProof, inputScriptTypes, outputScriptTypes } from '../../../src/testutil';
+import { ProprietaryKeySubtype, PSBT_PROPRIETARY_IDENTIFIER, RootWalletKeys } from '../../../src/bitgo';
+
+
+const network = networks.bitcoin;
+const keys = [1,2,3].map((v) => bip32.fromSeed(Buffer.alloc(16, `test/2/${v}`), network))
+const rootWalletKeys = new RootWalletKeys([keys[0], keys[1], keys[2]])
+// const dummyKey1 = rootWalletKeys.deriveForChainAndIndex(50, 200);
+const dummyKey2 = rootWalletKeys.deriveForChainAndIndex(60, 201);
+
+const psbtInputs = inputScriptTypes.map((scriptType) => ({scriptType, value: BigInt(1000)}))
+const psbtOutputs = outputScriptTypes.map((scriptType) => ({ scriptType, value: BigInt(900)}))
+// const dummy1PubKey = dummyKey1.user.publicKey;
+// This generatePayGoAttestationProof function should be returning the bitcoin signed message
+const sig2 = dummyKey2.user.privateKey!;
+
+// wallet pub and priv key for tbtc
+const attestationPubKey = "xpub661MyMwAqRbcFU2Qx7pvGmmiQpVj8NcR7dSVpgqNChMkQyobpVWWERcrTb47WicmXwkhAY2VrC3hb29s18FDQWJf5pLm3saN6uLXAXpw1GV";
+const attestationPrvKey = "red";
+const nilUUID = '00000000-0000-0000-0000-000000000000';
+const addressProofBuffer = generatePayGoAttestationProof(Buffer.from(attestationPrvKey), nilUUID, Buffer.from(address))
+
+
+function getTestPsbt() {
+    return testutil.constructPsbt(
+        psbtInputs, psbtOutputs, network, rootWalletKeys, 'unsigned'
+    )
+}
+
+describe('addPaygoAddressProof and verifyPaygoAddressProof', () => {
+    function getPaygoProprietaryKey(proprietaryKeyVals: KeyValue[]) {
+        return proprietaryKeyVals.map(({key, value}) => {
+            return { key: decodeProprietaryKey(key), value };
+        }).filter((keyValue) => {
+            return keyValue.key.identifier === PSBT_PROPRIETARY_IDENTIFIER && keyValue.key.subtype === ProprietaryKeySubtype.PAYGO_ADDRESS_ATTESTATION_PROOF
+        });
+    }
+
+    it("should fail a proof verification if the proof isn't valid", () => {
+        const outputIndex = 0;
+        const psbt = getTestPsbt();
+        addPaygoAddressProof(psbt, outputIndex, Buffer.from(addressProofBuffer), Buffer.from(attestationPubKey));
+        const output = checkForOutput(psbt.data.outputs, outputIndex);
+        const proofInPsbt = getPaygoProprietaryKey(output.unknownKeyVals!);
+        assert(proofInPsbt.length === 1)
+        assert.throws(() => verifyPaygoAddressProof(psbt, 0, dummyKey2.user.publicKey), (e: any) => e.message === 'Cannot verify the paygo address signature with the provided pubkey.');
+    });
+
+    it("should add and verify a valid paygo address proof on the PSBT", () => {
+        const outputIndex = 0;
+        const psbt = getTestPsbt();
+        addPaygoAddressProof(psbt, outputIndex, Buffer.from(addressProofBuffer), Buffer.from(attestationPubKey));
+        // should verify function return a boolean? that way we can assert
+        // if this is verified, throws an error otherwise or false + error msg as an object
+        verifyPaygoAddressProof(psbt, outputIndex, Buffer.from(attestationPubKey));
+    });
+
+    it("should throw an error if there are multiple PayGo proprietary keys in the PSBT", () => {
+        const outputIndex = 0;
+        const psbt = getTestPsbt();
+        addPaygoAddressProof(psbt, outputIndex, Buffer.from(addressProofBuffer), Buffer.from(attestationPubKey));
+        addPaygoAddressProof(psbt, outputIndex, Buffer.from(sig2), Buffer.from(attestationPubKey));
+        const output = checkForOutput(psbt.data.outputs, outputIndex);
+        const proofInPsbt = getPaygoProprietaryKey(output.unknownKeyVals!);
+        assert(proofInPsbt.length !== 0)
+        assert(proofInPsbt.length <= 1)
+        assert.throws(() => verifyPaygoAddressProof(psbt, outputIndex, Buffer.from(attestationPubKey)), (e: any) => e.message === 'There are multiple paygo address proofs encoded in the PSBT. Something went wrong.');
+    });
+});
+
+
+describe('verifyPaygoAddressProof', () => {
+    it('should throw an error if there is no PayGo address in PSBT', () => {
+        const psbt = getTestPsbt();
+        assert.throws(() => verifyPaygoAddressProof(psbt, 0, Buffer.from(attestationPubKey)), (e: any) => e.message === 'here is no paygo address proof encoded in the PSBT.');
+    });
+});
+
+describe('getPaygoAddressProofIndex', () => {
+    it('should get PayGo address proof index from PSBT if there is one', () => {
+        const psbt = getTestPsbt();
+        const outputIndex = 0;
+        addPaygoAddressProof(psbt, outputIndex, Buffer.from(addressProofBuffer), Buffer.from(attestationPubKey));
+        assert(psbtOutputIncludesPaygoAddressProof(psbt));
+        assert(getPaygoAddressProofOutputIndex(psbt) === 0)
+    });
+
+    it("should return undefined if there is no PayGo address proof in PSBT", () => {
+        const psbt = getTestPsbt();
+        assert(getPaygoAddressProofOutputIndex(psbt) === undefined)
+        assert(!psbtOutputIncludesPaygoAddressProof(psbt))
+    });
+});
