@bitgo/wasm-utxo 1.6.0 → 1.8.0

package/dist/esm/test/fixedScript/musig2Nonces.js

@@ -0,0 +1,77 @@
+import assert from "assert";
+import { BIP32 } from "../../js/bip32.js";
+import { loadPsbtFixture, getBitGoPsbt } from "./fixtureUtil.js";
+describe("MuSig2 nonce management", function () {
+    describe("Bitcoin mainnet", function () {
+        const networkName = "bitcoin";
+        let fixture;
+        let userKey;
+        let backupKey;
+        let bitgoKey;
+        before(function () {
+            fixture = loadPsbtFixture(networkName, "unsigned");
+            userKey = BIP32.fromBase58(fixture.walletKeys[0]);
+            backupKey = BIP32.fromBase58(fixture.walletKeys[1]);
+            bitgoKey = BIP32.fromBase58(fixture.walletKeys[2]);
+        });
+        it("should generate nonces for MuSig2 inputs with auto-generated session ID", function () {
+            const unsignedBitgoPsbt = getBitGoPsbt(fixture, networkName);
+            // Generate nonces with auto-generated session ID (no second parameter)
+            assert.doesNotThrow(() => {
+                unsignedBitgoPsbt.generateMusig2Nonces(userKey);
+            });
+            // Verify nonces were stored by serializing and deserializing
+            const serializedWithUserNonces = unsignedBitgoPsbt.serialize();
+            assert.ok(serializedWithUserNonces.length > getBitGoPsbt(fixture, networkName).serialize().length);
+            assert.doesNotThrow(() => {
+                unsignedBitgoPsbt.generateMusig2Nonces(bitgoKey);
+            });
+            const serializedWithBitgoNonces = unsignedBitgoPsbt.serialize();
+            assert.ok(serializedWithBitgoNonces.length > serializedWithUserNonces.length);
+            assert.throws(() => {
+                unsignedBitgoPsbt.generateMusig2Nonces(backupKey);
+            }, "Should throw error when generating nonces for backup key");
+        });
+        it("implements combineMusig2Nonces", function () {
+            const unsignedBitgoPsbtWithUserNonces = getBitGoPsbt(fixture, networkName);
+            unsignedBitgoPsbtWithUserNonces.generateMusig2Nonces(userKey);
+            const unsignedBitgoPsbtWithBitgoNonces = getBitGoPsbt(fixture, networkName);
+            unsignedBitgoPsbtWithBitgoNonces.generateMusig2Nonces(bitgoKey);
+            const unsignedBitgoPsbtWithBothNonces = getBitGoPsbt(fixture, networkName);
+            unsignedBitgoPsbtWithBothNonces.combineMusig2Nonces(unsignedBitgoPsbtWithUserNonces);
+            unsignedBitgoPsbtWithBothNonces.combineMusig2Nonces(unsignedBitgoPsbtWithBitgoNonces);
+            {
+                const psbt = getBitGoPsbt(fixture, networkName);
+                psbt.combineMusig2Nonces(unsignedBitgoPsbtWithUserNonces);
+                assert.strictEqual(psbt.serialize().length, unsignedBitgoPsbtWithUserNonces.serialize().length);
+            }
+            {
+                const psbt = getBitGoPsbt(fixture, networkName);
+                psbt.combineMusig2Nonces(unsignedBitgoPsbtWithBitgoNonces);
+                assert.strictEqual(psbt.serialize().length, unsignedBitgoPsbtWithBitgoNonces.serialize().length);
+            }
+            {
+                const psbt = getBitGoPsbt(fixture, networkName);
+                psbt.combineMusig2Nonces(unsignedBitgoPsbtWithUserNonces);
+                psbt.combineMusig2Nonces(unsignedBitgoPsbtWithBitgoNonces);
+                assert.strictEqual(psbt.serialize().length, unsignedBitgoPsbtWithBothNonces.serialize().length);
+            }
+        });
+        it("should reject invalid session ID length", function () {
+            const unsignedBitgoPsbt = getBitGoPsbt(fixture, networkName);
+            // Invalid session ID (wrong length)
+            const invalidSessionId = new Uint8Array(16); // Should be 32 bytes
+            assert.throws(() => {
+                unsignedBitgoPsbt.generateMusig2Nonces(userKey, invalidSessionId);
+            }, "Should throw error for invalid session ID length");
+        });
+        it("should reject custom session ID on mainnet (security)", function () {
+            const unsignedBitgoPsbt = getBitGoPsbt(fixture, "bitcoin");
+            // Custom session ID should be rejected on mainnet for security
+            const customSessionId = new Uint8Array(32).fill(1);
+            assert.throws(() => {
+                unsignedBitgoPsbt.generateMusig2Nonces(userKey, customSessionId);
+            }, /Custom session_id is only allowed on testnets/, "Should throw error when providing custom session_id on mainnet");
+        });
+    });
+});

package/dist/esm/test/fixedScript/parseTransactionWithWalletKeys.js

@@ -1,7 +1,7 @@
 import assert from "node:assert";
 import * as utxolib from "@bitgo/utxo-lib";
 import { fixedScriptWallet } from "../../js/index.js";
-import { loadPsbtFixture, loadWalletKeysFromFixture, getPsbtBuffer } from "./fixtureUtil.js";
+import { loadPsbtFixture, loadWalletKeysFromFixture, getPsbtBuffer, loadReplayProtectionKeyFromFixture, } from "./fixtureUtil.js";
 function getExpectedInputScriptType(fixtureScriptType) {
     // Map fixture types to InputScriptType values
     // Based on the Rust mapping in src/fixed_script_wallet/test_utils/fixtures.rs
@@ -26,8 +26,6 @@ function getOtherWalletKeys() {
     return new utxolib.bitgo.RootWalletKeys(otherWalletKeys);
 }
 describe("parseTransactionWithWalletKeys", function () {
-    // Replay protection script that matches Rust tests
-    const replayProtectionScript = Buffer.from("a91420b37094d82a513451ff0ccd9db23aba05bc5ef387", "hex");
     const supportedNetworks = utxolib.getNetworkList().filter((network) => {
         return (utxolib.isMainnet(network) &&
             network !== utxolib.networks.bitcoincash &&
@@ -42,12 +40,14 @@ describe("parseTransactionWithWalletKeys", function () {
             let fullsignedPsbtBytes;
             let bitgoPsbt;
             let rootWalletKeys;
+            let replayProtectionKey;
             let fixture;
             before(function () {
                 fixture = loadPsbtFixture(networkName, "fullsigned");
                 fullsignedPsbtBytes = getPsbtBuffer(fixture);
                 bitgoPsbt = fixedScriptWallet.BitGoPsbt.fromBytes(fullsignedPsbtBytes, networkName);
-                rootWalletKeys = loadWalletKeysFromFixture(networkName);
+                rootWalletKeys = loadWalletKeysFromFixture(fixture);
+                replayProtectionKey = loadReplayProtectionKeyFromFixture(fixture);
             });
             it("should have matching unsigned transaction ID", function () {
                 const unsignedTxid = bitgoPsbt.unsignedTxid();
@@ -59,7 +59,7 @@ describe("parseTransactionWithWalletKeys", function () {
             });
             it("should parse transaction and identify internal/external outputs", function () {
                 const parsed = bitgoPsbt.parseTransactionWithWalletKeys(rootWalletKeys, {
-                    outputScripts: [replayProtectionScript],
+                    publicKeys: [replayProtectionKey],
                 });
                 // Verify all inputs have addresses and values
                 parsed.inputs.forEach((input, i) => {
@@ -104,7 +104,7 @@ describe("parseTransactionWithWalletKeys", function () {
             });
             it("should parse inputs with correct scriptType", function () {
                 const parsed = bitgoPsbt.parseTransactionWithWalletKeys(rootWalletKeys, {
-                    outputScripts: [replayProtectionScript],
+                    publicKeys: [replayProtectionKey],
                 });
                 // Verify all inputs have scriptType matching fixture
                 parsed.inputs.forEach((input, i) => {
@@ -116,7 +116,7 @@ describe("parseTransactionWithWalletKeys", function () {
             it("should fail to parse with other wallet keys", function () {
                 assert.throws(() => {
                     bitgoPsbt.parseTransactionWithWalletKeys(getOtherWalletKeys(), {
-                        outputScripts: [replayProtectionScript],
+                        publicKeys: [replayProtectionKey],
                     });
                 }, (error) => {
                     return error.message.includes("Failed to parse transaction: Input 0: wallet validation failed");

package/dist/esm/test/fixedScript/signAndVerifySignature.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/esm/test/fixedScript/signAndVerifySignature.js

@@ -0,0 +1,268 @@
+import assert from "node:assert";
+import * as utxolib from "@bitgo/utxo-lib";
+import { BIP32 } from "../../js/index.js";
+import { loadPsbtFixture, loadWalletKeysFromFixture, getBitGoPsbt, loadReplayProtectionKeyFromFixture, } from "./fixtureUtil.js";
+/**
+ * Load xprivs from a fixture
+ * @param fixture - The test fixture
+ * @returns The xprivs for user, backup, and bitgo keys
+ */
+function loadXprivsFromFixture(fixture) {
+    const [userXpriv, backupXpriv, bitgoXpriv] = fixture.walletKeys.map((xprv) => BIP32.fromBase58(xprv));
+    return {
+        user: userXpriv,
+        backup: backupXpriv,
+        bitgo: bitgoXpriv,
+    };
+}
+/**
+ * Get expected signature state for an input based on type and signing stage
+ * @param inputType - The type of input (e.g., "p2shP2pk", "p2trMusig2", "taprootKeyPathSpend")
+ * @param signatureStage - The signing stage (unsigned, halfsigned, fullsigned)
+ * @returns Expected signature state for replay protection OR multi-key signatures
+ */
+function getExpectedSignatures(inputType, signatureStage) {
+    // p2shP2pk inputs use replay protection signature verification
+    if (inputType === "p2shP2pk") {
+        return {
+            hasReplayProtectionSignature: signatureStage === "halfsigned" || signatureStage === "fullsigned",
+        };
+    }
+    switch (signatureStage) {
+        case "unsigned":
+            return { user: false, backup: false, bitgo: false };
+        case "halfsigned":
+            // User signs first
+            return { user: true, backup: false, bitgo: false };
+        case "fullsigned":
+            // p2trMusig2 uses user + backup for 2-of-2 MuSig2
+            if (inputType === "p2trMusig2") {
+                return { user: true, backup: true, bitgo: false };
+            }
+            // Regular multisig uses user + bitgo
+            return { user: true, backup: false, bitgo: true };
+        default:
+            throw new Error(`Unknown signature stage: ${String(signatureStage)}`);
+    }
+}
+/**
+ * Verify signature state for a specific input in a PSBT
+ * @param bitgoPsbt - The PSBT to verify
+ * @param rootWalletKeys - Wallet keys for verification
+ * @param inputIndex - The input index to verify
+ * @param inputType - The type of input (for replay protection handling)
+ * @param expectedSignatures - Expected signature state for each key or replay protection
+ */
+function verifyInputSignatures(bitgoPsbt, parsed, rootWalletKeys, replayProtectionKey, inputIndex, expectedSignatures) {
+    // Handle replay protection inputs (P2shP2pk)
+    if ("hasReplayProtectionSignature" in expectedSignatures) {
+        const hasReplaySig = bitgoPsbt.verifyReplayProtectionSignature(inputIndex, {
+            publicKeys: [replayProtectionKey],
+        });
+        assert.strictEqual(hasReplaySig, expectedSignatures.hasReplayProtectionSignature, `Input ${inputIndex} replay protection signature mismatch`);
+        return;
+    }
+    if (parsed.inputs[inputIndex].scriptType === "p2shP2pk") {
+        const hasReplaySig = bitgoPsbt.verifySignature(inputIndex, replayProtectionKey);
+        assert.ok("hasReplayProtectionSignature" in expectedSignatures, "Expected hasReplayProtectionSignature to be present");
+        assert.strictEqual(hasReplaySig, expectedSignatures.hasReplayProtectionSignature, `Input ${inputIndex} replay protection signature mismatch`);
+        return;
+    }
+    // Handle standard multisig inputs
+    const hasUserSig = bitgoPsbt.verifySignature(inputIndex, rootWalletKeys.userKey());
+    const hasBackupSig = bitgoPsbt.verifySignature(inputIndex, rootWalletKeys.backupKey());
+    const hasBitGoSig = bitgoPsbt.verifySignature(inputIndex, rootWalletKeys.bitgoKey());
+    const scriptType = parsed.inputs[inputIndex].scriptType;
+    assert.strictEqual(hasUserSig, expectedSignatures.user, `Input ${inputIndex} user key signature mismatch type=${scriptType}`);
+    assert.strictEqual(hasBackupSig, expectedSignatures.backup, `Input ${inputIndex} backup key signature mismatch type=${scriptType}`);
+    assert.strictEqual(hasBitGoSig, expectedSignatures.bitgo, `Input ${inputIndex} BitGo key signature mismatch type=${scriptType}`);
+}
+/**
+ * Helper to verify signatures for all inputs in a PSBT
+ * @param bitgoPsbt - The PSBT to verify
+ * @param fixture - The test fixture containing input metadata
+ * @param rootWalletKeys - Wallet keys for verification
+ * @param replayProtectionKey - Key for replay protection inputs
+ * @param signatureStage - The signing stage (unsigned, halfsigned, fullsigned)
+ */
+function verifyAllInputSignatures(bitgoPsbt, fixture, rootWalletKeys, replayProtectionKey, signatureStage) {
+    const parsed = bitgoPsbt.parseTransactionWithWalletKeys(rootWalletKeys, {
+        publicKeys: [replayProtectionKey],
+    });
+    fixture.psbtInputs.forEach((input, index) => {
+        verifyInputSignatures(bitgoPsbt, parsed, rootWalletKeys, replayProtectionKey, index, getExpectedSignatures(input.type, signatureStage));
+    });
+}
+function signInputAndVerify(bitgoPsbt, index, key, keyName, inputType) {
+    bitgoPsbt.sign(index, key);
+    assert.strictEqual(bitgoPsbt.verifySignature(index, key), true, `Input ${index} signature mismatch key=${keyName} type=${inputType}`);
+}
+/**
+ * Sign all inputs in a PSBT according to the signature stage
+ * @param bitgoPsbt - The PSBT to sign
+ * @param rootWalletKeys - Wallet keys for parsing the transaction
+ * @param xprivs - The xprivs to use for signing
+ * @param replayProtectionKey - The ECPair for signing replay protection (p2shP2pk) inputs
+ */
+function signAllInputs(bitgoPsbt, rootWalletKeys, xprivs, replayProtectionKey) {
+    // Parse transaction to get input types
+    const parsed = bitgoPsbt.parseTransactionWithWalletKeys(rootWalletKeys, {
+        publicKeys: [replayProtectionKey],
+    });
+    // Generate MuSig2 nonces for user and backup keys (MuSig2 uses 2-of-2 with user+backup)
+    bitgoPsbt.generateMusig2Nonces(xprivs.user);
+    bitgoPsbt.generateMusig2Nonces(xprivs.bitgo);
+    // First pass: sign with user key (skip p2shP2pk inputs)
+    parsed.inputs.forEach((input, index) => {
+        switch (input.scriptType) {
+            case "p2shP2pk":
+                break;
+            default:
+                signInputAndVerify(bitgoPsbt, index, xprivs.user, "user", input.scriptType);
+                break;
+        }
+    });
+    // Second pass: sign with appropriate second key
+    parsed.inputs.forEach((input, index) => {
+        switch (input.scriptType) {
+            case "p2shP2pk":
+                signInputAndVerify(bitgoPsbt, index, replayProtectionKey, "replayProtection", input.scriptType);
+                break;
+            case "p2trMusig2ScriptPath":
+                // MuSig2 script path inputs use backup key for second signature
+                signInputAndVerify(bitgoPsbt, index, xprivs.backup, "backup", input.scriptType);
+                break;
+            default:
+                // Regular multisig uses bitgo key
+                signInputAndVerify(bitgoPsbt, index, xprivs.bitgo, "bitgo", input.scriptType);
+                break;
+        }
+    });
+}
+/**
+ * Run tests for a fixture: load PSBT, verify, sign, and verify again
+ * @param fixture - The test fixture
+ * @param networkName - The network name for deserializing the PSBT
+ * @param rootWalletKeys - Wallet keys for verification
+ * @param replayProtectionKey - Key for replay protection inputs
+ * @param xprivs - The xprivs to use for signing
+ * @param signatureStage - The current signing stage
+ */
+function runTestsForFixture(fixture, networkName, rootWalletKeys, replayProtectionKey, xprivs, signatureStage) {
+    // Load PSBT from fixture
+    const bitgoPsbt = getBitGoPsbt(fixture, networkName);
+    // Verify current state
+    verifyAllInputSignatures(bitgoPsbt, fixture, rootWalletKeys, replayProtectionKey, signatureStage);
+    // Sign inputs (if not already fully signed)
+    if (signatureStage !== "unsigned") {
+        signAllInputs(bitgoPsbt, rootWalletKeys, xprivs, replayProtectionKey);
+    }
+}
+describe("verifySignature", function () {
+    const supportedNetworks = utxolib.getNetworkList().filter((network) => {
+        return (utxolib.isMainnet(network) &&
+            network !== utxolib.networks.bitcoincash &&
+            network !== utxolib.networks.bitcoingold &&
+            network !== utxolib.networks.bitcoinsv &&
+            network !== utxolib.networks.ecash &&
+            network !== utxolib.networks.zcash);
+    });
+    supportedNetworks.forEach((network) => {
+        const networkName = utxolib.getNetworkName(network);
+        describe(`network: ${networkName}`, function () {
+            let rootWalletKeys;
+            let replayProtectionKey;
+            let xprivs;
+            let unsignedFixture;
+            let halfsignedFixture;
+            let fullsignedFixture;
+            before(function () {
+                unsignedFixture = loadPsbtFixture(networkName, "unsigned");
+                halfsignedFixture = loadPsbtFixture(networkName, "halfsigned");
+                fullsignedFixture = loadPsbtFixture(networkName, "fullsigned");
+                rootWalletKeys = loadWalletKeysFromFixture(fullsignedFixture);
+                replayProtectionKey = loadReplayProtectionKeyFromFixture(fullsignedFixture);
+                xprivs = loadXprivsFromFixture(fullsignedFixture);
+            });
+            describe("unsigned PSBT", function () {
+                it("should return false for unsigned inputs, then sign and verify", function () {
+                    runTestsForFixture(unsignedFixture, networkName, rootWalletKeys, replayProtectionKey, xprivs, "unsigned");
+                });
+            });
+            describe("half-signed PSBT", function () {
+                it("should return true for signed xpubs and false for unsigned, then sign and verify", function () {
+                    runTestsForFixture(halfsignedFixture, networkName, rootWalletKeys, replayProtectionKey, xprivs, "halfsigned");
+                });
+            });
+            describe("fully signed PSBT", function () {
+                it("should have 2 signatures (2-of-3 multisig)", function () {
+                    runTestsForFixture(fullsignedFixture, networkName, rootWalletKeys, replayProtectionKey, xprivs, "fullsigned");
+                });
+            });
+            describe("error handling", function () {
+                it("should throw error for out of bounds input index", function () {
+                    const psbt = getBitGoPsbt(fullsignedFixture, networkName);
+                    assert.throws(() => {
+                        psbt.verifySignature(999, rootWalletKeys.userKey());
+                    }, (error) => {
+                        return error.message.includes("Input index 999 out of bounds");
+                    }, "Should throw error for out of bounds input index");
+                });
+                it("should throw error for invalid xpub", function () {
+                    const psbt = getBitGoPsbt(fullsignedFixture, networkName);
+                    assert.throws(() => {
+                        psbt.verifySignature(0, "invalid-xpub");
+                    }, (error) => {
+                        return error.message.includes("Invalid");
+                    }, "Should throw error for invalid xpub");
+                });
+                it("should return false for xpub not in derivation path", function () {
+                    const psbt = getBitGoPsbt(fullsignedFixture, networkName);
+                    // Create a different xpub that's not in the wallet
+                    // Use a proper 32-byte seed (256 bits)
+                    const differentSeed = Buffer.alloc(32, 0xaa); // 32 bytes filled with 0xaa
+                    const differentKey = BIP32.fromSeed(differentSeed);
+                    const differentXpub = differentKey.neutered();
+                    const result = psbt.verifySignature(0, differentXpub);
+                    assert.strictEqual(result, false, "Should return false for xpub not in PSBT derivation paths");
+                });
+                it("should verify signature with raw public key (Uint8Array)", function () {
+                    const psbt = getBitGoPsbt(fullsignedFixture, networkName);
+                    // Verify that xpub-based verification works
+                    const userKey = rootWalletKeys.userKey();
+                    const hasXpubSig = psbt.verifySignature(0, userKey);
+                    // This test specifically checks that raw public key verification works
+                    // We test the underlying WASM API by ensuring both xpub and raw pubkey
+                    // calls reach the correct methods
+                    // Use a random public key that's not in the PSBT to test the API works
+                    const randomSeed = Buffer.alloc(32, 0xcc);
+                    const randomKey = BIP32.fromSeed(randomSeed);
+                    const randomPubkey = randomKey.publicKey;
+                    // This should return false (no signature for this key)
+                    const result = psbt.verifySignature(0, randomPubkey);
+                    assert.strictEqual(result, false, "Should return false for public key not in PSBT");
+                    // Verify the xpub check still works (regression test)
+                    assert.strictEqual(hasXpubSig, true, "Should still verify with xpub");
+                });
+                it("should return false for raw public key with no signature", function () {
+                    const psbt = getBitGoPsbt(fullsignedFixture, networkName);
+                    // Create a random public key that's not in the PSBT
+                    const randomSeed = Buffer.alloc(32, 0xbb);
+                    const randomKey = BIP32.fromSeed(randomSeed);
+                    const randomPubkey = randomKey.publicKey;
+                    const result = psbt.verifySignature(0, randomPubkey);
+                    assert.strictEqual(result, false, "Should return false for public key not in PSBT signatures");
+                });
+                it("should throw error for invalid key length", function () {
+                    const psbt = getBitGoPsbt(fullsignedFixture, networkName);
+                    const invalidKey = Buffer.alloc(31); // Invalid length (should be 32 for private key or 33 for public key)
+                    assert.throws(() => {
+                        psbt.verifySignature(0, invalidKey);
+                    }, (error) => {
+                        return error.message.includes("Invalid key length");
+                    }, "Should throw error for invalid key length");
+                });
+            });
+        });
+    });
+});

package/dist/esm/test/fixedScript/walletKeys.util.d.ts

@@ -0,0 +1,12 @@
+import * as utxolib from "@bitgo/utxo-lib";
+import type { Triple } from "../../js/triple.js";
+/**
+ * Convert utxolib BIP32 keys to WASM wallet keys format (Triple<string>)
+ */
+export declare function toWasmWalletKeys(keys: [utxolib.BIP32Interface, utxolib.BIP32Interface, utxolib.BIP32Interface]): Triple<string>;
+/**
+ * Get standard replay protection configuration
+ */
+export declare function getStandardReplayProtection(): {
+    outputScripts: Uint8Array[];
+};

package/dist/esm/test/fixedScript/walletKeys.util.js

@@ -0,0 +1,17 @@
+/**
+ * Convert utxolib BIP32 keys to WASM wallet keys format (Triple<string>)
+ */
+export function toWasmWalletKeys(keys) {
+    return [
+        keys[0].neutered().toBase58(),
+        keys[1].neutered().toBase58(),
+        keys[2].neutered().toBase58(),
+    ];
+}
+/**
+ * Get standard replay protection configuration
+ */
+export function getStandardReplayProtection() {
+    const replayProtectionScript = Buffer.from("a91420b37094d82a513451ff0ccd9db23aba05bc5ef387", "hex");
+    return { outputScripts: [replayProtectionScript] };
+}