@bitgo/wasm-utxo 1.6.0 → 1.8.0

package/dist/cjs/js/fixedScriptWallet.js

@@ -1,138 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.BitGoPsbt = void 0;
-exports.outputScript = outputScript;
-exports.address = address;
-const wasm_utxo_js_1 = require("./wasm/wasm_utxo.js");
-/**
- * Create the output script for a given wallet keys and chain and index
- */
-function outputScript(keys, chain, index, network) {
-    return wasm_utxo_js_1.FixedScriptWalletNamespace.output_script(keys, chain, index, network);
-}
-/**
- * Create the address for a given wallet keys and chain and index and network.
- * Wrapper for outputScript that also encodes the script to an address.
- * @param keys - The wallet keys to use.
- * @param chain - The chain to use.
- * @param index - The index to use.
- * @param network - The network to use.
- * @param addressFormat - The address format to use.
- *   Only relevant for Bitcoin Cash and eCash networks, where:
- *   - "default" means base58check,
- *   - "cashaddr" means cashaddr.
- */
-function address(keys, chain, index, network, addressFormat) {
-    return wasm_utxo_js_1.FixedScriptWalletNamespace.address(keys, chain, index, network, addressFormat);
-}
-const wasm_utxo_js_2 = require("./wasm/wasm_utxo.js");
-class BitGoPsbt {
-    wasm;
-    constructor(wasm) {
-        this.wasm = wasm;
-    }
-    /**
-     * Deserialize a PSBT from bytes
-     * @param bytes - The PSBT bytes
-     * @param network - The network to use for deserialization (either utxolib name like "bitcoin" or coin name like "btc")
-     * @returns A BitGoPsbt instance
-     */
-    static fromBytes(bytes, network) {
-        const wasm = wasm_utxo_js_2.BitGoPsbt.from_bytes(bytes, network);
-        return new BitGoPsbt(wasm);
-    }
-    /**
-     * Get the unsigned transaction ID
-     * @returns The unsigned transaction ID
-     */
-    unsignedTxid() {
-        return this.wasm.unsigned_txid();
-    }
-    /**
-     * Parse transaction with wallet keys to identify wallet inputs/outputs
-     * @param walletKeys - The wallet keys to use for identification
-     * @param replayProtection - Scripts that are allowed as inputs without wallet validation
-     * @returns Parsed transaction information
-     */
-    parseTransactionWithWalletKeys(walletKeys, replayProtection) {
-        return this.wasm.parse_transaction_with_wallet_keys(walletKeys, replayProtection);
-    }
-    /**
-     * Parse outputs with wallet keys to identify which outputs belong to a wallet
-     * with the given wallet keys.
-     *
-     * This is useful in cases where we want to identify outputs that belong to a different
-     * wallet than the inputs.
-     *
-     * @param walletKeys - The wallet keys to use for identification
-     * @returns Array of parsed outputs
-     * @note This method does NOT validate wallet inputs. It only parses outputs.
-     */
-    parseOutputsWithWalletKeys(walletKeys) {
-        return this.wasm.parse_outputs_with_wallet_keys(walletKeys);
-    }
-    /**
-     * Verify if a valid signature exists for a given extended public key at the specified input index.
-     *
-     * This method derives the public key from the xpub using the derivation path found in the
-     * PSBT input, then verifies the signature. It supports:
-     * - ECDSA signatures (for legacy/SegWit inputs)
-     * - Schnorr signatures (for Taproot script path inputs)
-     * - MuSig2 partial signatures (for Taproot keypath MuSig2 inputs)
-     *
-     * @param inputIndex - The index of the input to check (0-based)
-     * @param xpub - The extended public key as a base58-encoded string
-     * @returns true if a valid signature exists, false if no signature exists
-     * @throws Error if input index is out of bounds, xpub is invalid, or verification fails
-     */
-    verifySignature(inputIndex, xpub) {
-        return this.wasm.verify_signature(inputIndex, xpub);
-    }
-    /**
-     * Verify if a replay protection input has a valid signature.
-     *
-     * This method checks if a given input is a replay protection input (like P2shP2pk) and verifies
-     * the signature. Replay protection inputs don't use standard derivation paths, so this method
-     * verifies signatures without deriving from xpub.
-     *
-     * For P2PK replay protection inputs, this:
-     * - Extracts the signature from final_script_sig
-     * - Extracts the public key from redeem_script
-     * - Computes the legacy P2SH sighash
-     * - Verifies the ECDSA signature cryptographically
-     *
-     * @param inputIndex - The index of the input to check (0-based)
-     * @param replayProtection - Scripts that identify replay protection inputs (same format as parseTransactionWithWalletKeys)
-     * @returns true if the input is a replay protection input and has a valid signature, false if no valid signature
-     * @throws Error if the input is not a replay protection input, index is out of bounds, or scripts are invalid
-     */
-    verifyReplayProtectionSignature(inputIndex, replayProtection) {
-        return this.wasm.verify_replay_protection_signature(inputIndex, replayProtection);
-    }
-    /**
-     * Serialize the PSBT to bytes
-     *
-     * @returns The serialized PSBT as a byte array
-     */
-    serialize() {
-        return this.wasm.serialize();
-    }
-    /**
-     * Finalize all inputs in the PSBT
-     *
-     * @throws Error if any input failed to finalize
-     */
-    finalizeAllInputs() {
-        this.wasm.finalize_all_inputs();
-    }
-    /**
-     * Extract the final transaction from a finalized PSBT
-     *
-     * @returns The serialized transaction bytes
-     * @throws Error if the PSBT is not fully finalized or extraction fails
-     */
-    extractTransaction() {
-        return this.wasm.extract_transaction();
-    }
-}
-exports.BitGoPsbt = BitGoPsbt;

package/dist/esm/js/fixedScriptWallet.d.ts

@@ -1,146 +0,0 @@
-import type { UtxolibName, UtxolibNetwork, UtxolibRootWalletKeys } from "./utxolibCompat.js";
-import type { CoinName } from "./coinName.js";
-import { Triple } from "./triple.js";
-import { AddressFormat } from "./address.js";
-export type NetworkName = UtxolibName | CoinName;
-export type WalletKeys = 
-/** Just an xpub triple, will assume default derivation prefixes  */
-Triple<string>
-/** Compatible with utxolib RootWalletKeys */
- | UtxolibRootWalletKeys;
-/**
- * Create the output script for a given wallet keys and chain and index
- */
-export declare function outputScript(keys: WalletKeys, chain: number, index: number, network: UtxolibNetwork): Uint8Array;
-/**
- * Create the address for a given wallet keys and chain and index and network.
- * Wrapper for outputScript that also encodes the script to an address.
- * @param keys - The wallet keys to use.
- * @param chain - The chain to use.
- * @param index - The index to use.
- * @param network - The network to use.
- * @param addressFormat - The address format to use.
- *   Only relevant for Bitcoin Cash and eCash networks, where:
- *   - "default" means base58check,
- *   - "cashaddr" means cashaddr.
- */
-export declare function address(keys: WalletKeys, chain: number, index: number, network: UtxolibNetwork, addressFormat?: AddressFormat): string;
-type ReplayProtection = {
-    outputScripts: Uint8Array[];
-} | {
-    addresses: string[];
-};
-export type ScriptId = {
-    chain: number;
-    index: number;
-};
-export type InputScriptType = "p2shP2pk" | "p2sh" | "p2shP2wsh" | "p2wsh" | "p2trLegacy" | "p2trMusig2ScriptPath" | "p2trMusig2KeyPath";
-export type ParsedInput = {
-    address: string;
-    script: Uint8Array;
-    value: bigint;
-    scriptId: ScriptId | null;
-    scriptType: InputScriptType;
-};
-export type ParsedOutput = {
-    address: string | null;
-    script: Uint8Array;
-    value: bigint;
-    scriptId: ScriptId | null;
-};
-export type ParsedTransaction = {
-    inputs: ParsedInput[];
-    outputs: ParsedOutput[];
-    spendAmount: bigint;
-    minerFee: bigint;
-    virtualSize: number;
-};
-export declare class BitGoPsbt {
-    private wasm;
-    private constructor();
-    /**
-     * Deserialize a PSBT from bytes
-     * @param bytes - The PSBT bytes
-     * @param network - The network to use for deserialization (either utxolib name like "bitcoin" or coin name like "btc")
-     * @returns A BitGoPsbt instance
-     */
-    static fromBytes(bytes: Uint8Array, network: NetworkName): BitGoPsbt;
-    /**
-     * Get the unsigned transaction ID
-     * @returns The unsigned transaction ID
-     */
-    unsignedTxid(): string;
-    /**
-     * Parse transaction with wallet keys to identify wallet inputs/outputs
-     * @param walletKeys - The wallet keys to use for identification
-     * @param replayProtection - Scripts that are allowed as inputs without wallet validation
-     * @returns Parsed transaction information
-     */
-    parseTransactionWithWalletKeys(walletKeys: WalletKeys, replayProtection: ReplayProtection): ParsedTransaction;
-    /**
-     * Parse outputs with wallet keys to identify which outputs belong to a wallet
-     * with the given wallet keys.
-     *
-     * This is useful in cases where we want to identify outputs that belong to a different
-     * wallet than the inputs.
-     *
-     * @param walletKeys - The wallet keys to use for identification
-     * @returns Array of parsed outputs
-     * @note This method does NOT validate wallet inputs. It only parses outputs.
-     */
-    parseOutputsWithWalletKeys(walletKeys: WalletKeys): ParsedOutput[];
-    /**
-     * Verify if a valid signature exists for a given extended public key at the specified input index.
-     *
-     * This method derives the public key from the xpub using the derivation path found in the
-     * PSBT input, then verifies the signature. It supports:
-     * - ECDSA signatures (for legacy/SegWit inputs)
-     * - Schnorr signatures (for Taproot script path inputs)
-     * - MuSig2 partial signatures (for Taproot keypath MuSig2 inputs)
-     *
-     * @param inputIndex - The index of the input to check (0-based)
-     * @param xpub - The extended public key as a base58-encoded string
-     * @returns true if a valid signature exists, false if no signature exists
-     * @throws Error if input index is out of bounds, xpub is invalid, or verification fails
-     */
-    verifySignature(inputIndex: number, xpub: string): boolean;
-    /**
-     * Verify if a replay protection input has a valid signature.
-     *
-     * This method checks if a given input is a replay protection input (like P2shP2pk) and verifies
-     * the signature. Replay protection inputs don't use standard derivation paths, so this method
-     * verifies signatures without deriving from xpub.
-     *
-     * For P2PK replay protection inputs, this:
-     * - Extracts the signature from final_script_sig
-     * - Extracts the public key from redeem_script
-     * - Computes the legacy P2SH sighash
-     * - Verifies the ECDSA signature cryptographically
-     *
-     * @param inputIndex - The index of the input to check (0-based)
-     * @param replayProtection - Scripts that identify replay protection inputs (same format as parseTransactionWithWalletKeys)
-     * @returns true if the input is a replay protection input and has a valid signature, false if no valid signature
-     * @throws Error if the input is not a replay protection input, index is out of bounds, or scripts are invalid
-     */
-    verifyReplayProtectionSignature(inputIndex: number, replayProtection: ReplayProtection): boolean;
-    /**
-     * Serialize the PSBT to bytes
-     *
-     * @returns The serialized PSBT as a byte array
-     */
-    serialize(): Uint8Array;
-    /**
-     * Finalize all inputs in the PSBT
-     *
-     * @throws Error if any input failed to finalize
-     */
-    finalizeAllInputs(): void;
-    /**
-     * Extract the final transaction from a finalized PSBT
-     *
-     * @returns The serialized transaction bytes
-     * @throws Error if the PSBT is not fully finalized or extraction fails
-     */
-    extractTransaction(): Uint8Array;
-}
-export {};

package/dist/esm/js/fixedScriptWallet.js

@@ -1,132 +0,0 @@
-import { FixedScriptWalletNamespace } from "./wasm/wasm_utxo.js";
-/**
- * Create the output script for a given wallet keys and chain and index
- */
-export function outputScript(keys, chain, index, network) {
-    return FixedScriptWalletNamespace.output_script(keys, chain, index, network);
-}
-/**
- * Create the address for a given wallet keys and chain and index and network.
- * Wrapper for outputScript that also encodes the script to an address.
- * @param keys - The wallet keys to use.
- * @param chain - The chain to use.
- * @param index - The index to use.
- * @param network - The network to use.
- * @param addressFormat - The address format to use.
- *   Only relevant for Bitcoin Cash and eCash networks, where:
- *   - "default" means base58check,
- *   - "cashaddr" means cashaddr.
- */
-export function address(keys, chain, index, network, addressFormat) {
-    return FixedScriptWalletNamespace.address(keys, chain, index, network, addressFormat);
-}
-import { BitGoPsbt as WasmBitGoPsbt } from "./wasm/wasm_utxo.js";
-export class BitGoPsbt {
-    wasm;
-    constructor(wasm) {
-        this.wasm = wasm;
-    }
-    /**
-     * Deserialize a PSBT from bytes
-     * @param bytes - The PSBT bytes
-     * @param network - The network to use for deserialization (either utxolib name like "bitcoin" or coin name like "btc")
-     * @returns A BitGoPsbt instance
-     */
-    static fromBytes(bytes, network) {
-        const wasm = WasmBitGoPsbt.from_bytes(bytes, network);
-        return new BitGoPsbt(wasm);
-    }
-    /**
-     * Get the unsigned transaction ID
-     * @returns The unsigned transaction ID
-     */
-    unsignedTxid() {
-        return this.wasm.unsigned_txid();
-    }
-    /**
-     * Parse transaction with wallet keys to identify wallet inputs/outputs
-     * @param walletKeys - The wallet keys to use for identification
-     * @param replayProtection - Scripts that are allowed as inputs without wallet validation
-     * @returns Parsed transaction information
-     */
-    parseTransactionWithWalletKeys(walletKeys, replayProtection) {
-        return this.wasm.parse_transaction_with_wallet_keys(walletKeys, replayProtection);
-    }
-    /**
-     * Parse outputs with wallet keys to identify which outputs belong to a wallet
-     * with the given wallet keys.
-     *
-     * This is useful in cases where we want to identify outputs that belong to a different
-     * wallet than the inputs.
-     *
-     * @param walletKeys - The wallet keys to use for identification
-     * @returns Array of parsed outputs
-     * @note This method does NOT validate wallet inputs. It only parses outputs.
-     */
-    parseOutputsWithWalletKeys(walletKeys) {
-        return this.wasm.parse_outputs_with_wallet_keys(walletKeys);
-    }
-    /**
-     * Verify if a valid signature exists for a given extended public key at the specified input index.
-     *
-     * This method derives the public key from the xpub using the derivation path found in the
-     * PSBT input, then verifies the signature. It supports:
-     * - ECDSA signatures (for legacy/SegWit inputs)
-     * - Schnorr signatures (for Taproot script path inputs)
-     * - MuSig2 partial signatures (for Taproot keypath MuSig2 inputs)
-     *
-     * @param inputIndex - The index of the input to check (0-based)
-     * @param xpub - The extended public key as a base58-encoded string
-     * @returns true if a valid signature exists, false if no signature exists
-     * @throws Error if input index is out of bounds, xpub is invalid, or verification fails
-     */
-    verifySignature(inputIndex, xpub) {
-        return this.wasm.verify_signature(inputIndex, xpub);
-    }
-    /**
-     * Verify if a replay protection input has a valid signature.
-     *
-     * This method checks if a given input is a replay protection input (like P2shP2pk) and verifies
-     * the signature. Replay protection inputs don't use standard derivation paths, so this method
-     * verifies signatures without deriving from xpub.
-     *
-     * For P2PK replay protection inputs, this:
-     * - Extracts the signature from final_script_sig
-     * - Extracts the public key from redeem_script
-     * - Computes the legacy P2SH sighash
-     * - Verifies the ECDSA signature cryptographically
-     *
-     * @param inputIndex - The index of the input to check (0-based)
-     * @param replayProtection - Scripts that identify replay protection inputs (same format as parseTransactionWithWalletKeys)
-     * @returns true if the input is a replay protection input and has a valid signature, false if no valid signature
-     * @throws Error if the input is not a replay protection input, index is out of bounds, or scripts are invalid
-     */
-    verifyReplayProtectionSignature(inputIndex, replayProtection) {
-        return this.wasm.verify_replay_protection_signature(inputIndex, replayProtection);
-    }
-    /**
-     * Serialize the PSBT to bytes
-     *
-     * @returns The serialized PSBT as a byte array
-     */
-    serialize() {
-        return this.wasm.serialize();
-    }
-    /**
-     * Finalize all inputs in the PSBT
-     *
-     * @throws Error if any input failed to finalize
-     */
-    finalizeAllInputs() {
-        this.wasm.finalize_all_inputs();
-    }
-    /**
-     * Extract the final transaction from a finalized PSBT
-     *
-     * @returns The serialized transaction bytes
-     * @throws Error if the PSBT is not fully finalized or extraction fails
-     */
-    extractTransaction() {
-        return this.wasm.extract_transaction();
-    }
-}

package/dist/esm/test/fixedScript/verifySignature.js

@@ -1,141 +0,0 @@
-import assert from "node:assert";
-import * as utxolib from "@bitgo/utxo-lib";
-import { fixedScriptWallet } from "../../js/index.js";
-import { loadPsbtFixture, loadWalletKeysFromFixture, getPsbtBuffer, } from "./fixtureUtil.js";
-/**
- * Get expected signature state for an input based on type and signing stage
- * @param inputType - The type of input (e.g., "p2shP2pk", "p2trMusig2")
- * @param signatureStage - The signing stage (unsigned, halfsigned, fullsigned)
- * @returns Expected signature state for replay protection OR multi-key signatures
- */
-function getExpectedSignatures(inputType, signatureStage) {
-    // p2shP2pk inputs use replay protection signature verification
-    if (inputType === "p2shP2pk") {
-        return {
-            hasReplayProtectionSignature: signatureStage === "halfsigned" || signatureStage === "fullsigned",
-        };
-    }
-    switch (signatureStage) {
-        case "unsigned":
-            return { user: false, backup: false, bitgo: false };
-        case "halfsigned":
-            // User signs first
-            return { user: true, backup: false, bitgo: false };
-        case "fullsigned":
-            // p2trMusig2 uses user + backup for 2-of-2 MuSig2
-            if (inputType === "p2trMusig2") {
-                return { user: true, backup: true, bitgo: false };
-            }
-            // Regular multisig uses user + bitgo
-            return { user: true, backup: false, bitgo: true };
-        default:
-            throw new Error(`Unknown signature stage: ${String(signatureStage)}`);
-    }
-}
-/**
- * Verify signature state for a specific input in a PSBT
- * @param bitgoPsbt - The PSBT to verify
- * @param rootWalletKeys - Wallet keys for verification
- * @param inputIndex - The input index to verify
- * @param inputType - The type of input (for replay protection handling)
- * @param expectedSignatures - Expected signature state for each key or replay protection
- */
-function verifyInputSignatures(bitgoPsbt, rootWalletKeys, inputIndex, expectedSignatures) {
-    // Handle replay protection inputs (P2shP2pk)
-    if ("hasReplayProtectionSignature" in expectedSignatures) {
-        const replayProtectionScript = Buffer.from("a91420b37094d82a513451ff0ccd9db23aba05bc5ef387", "hex");
-        const hasReplaySig = bitgoPsbt.verifyReplayProtectionSignature(inputIndex, {
-            outputScripts: [replayProtectionScript],
-        });
-        assert.strictEqual(hasReplaySig, expectedSignatures.hasReplayProtectionSignature, `Input ${inputIndex} replay protection signature mismatch`);
-        return;
-    }
-    // Handle standard multisig inputs
-    const xpubs = rootWalletKeys.triple;
-    const hasUserSig = bitgoPsbt.verifySignature(inputIndex, xpubs[0].toBase58());
-    const hasBackupSig = bitgoPsbt.verifySignature(inputIndex, xpubs[1].toBase58());
-    const hasBitGoSig = bitgoPsbt.verifySignature(inputIndex, xpubs[2].toBase58());
-    assert.strictEqual(hasUserSig, expectedSignatures.user, `Input ${inputIndex} user key signature mismatch`);
-    assert.strictEqual(hasBackupSig, expectedSignatures.backup, `Input ${inputIndex} backup key signature mismatch`);
-    assert.strictEqual(hasBitGoSig, expectedSignatures.bitgo, `Input ${inputIndex} BitGo key signature mismatch`);
-}
-describe("verifySignature", function () {
-    const supportedNetworks = utxolib.getNetworkList().filter((network) => {
-        return (utxolib.isMainnet(network) &&
-            network !== utxolib.networks.bitcoincash &&
-            network !== utxolib.networks.bitcoingold &&
-            network !== utxolib.networks.bitcoinsv &&
-            network !== utxolib.networks.ecash &&
-            network !== utxolib.networks.zcash);
-    });
-    supportedNetworks.forEach((network) => {
-        const networkName = utxolib.getNetworkName(network);
-        describe(`network: ${networkName}`, function () {
-            let rootWalletKeys;
-            let unsignedFixture;
-            let halfsignedFixture;
-            let fullsignedFixture;
-            let unsignedBitgoPsbt;
-            let halfsignedBitgoPsbt;
-            let fullsignedBitgoPsbt;
-            before(function () {
-                rootWalletKeys = loadWalletKeysFromFixture(networkName);
-                unsignedFixture = loadPsbtFixture(networkName, "unsigned");
-                halfsignedFixture = loadPsbtFixture(networkName, "halfsigned");
-                fullsignedFixture = loadPsbtFixture(networkName, "fullsigned");
-                unsignedBitgoPsbt = fixedScriptWallet.BitGoPsbt.fromBytes(getPsbtBuffer(unsignedFixture), networkName);
-                halfsignedBitgoPsbt = fixedScriptWallet.BitGoPsbt.fromBytes(getPsbtBuffer(halfsignedFixture), networkName);
-                fullsignedBitgoPsbt = fixedScriptWallet.BitGoPsbt.fromBytes(getPsbtBuffer(fullsignedFixture), networkName);
-            });
-            describe("unsigned PSBT", function () {
-                it("should return false for unsigned inputs", function () {
-                    // Verify all xpubs return false for all inputs
-                    unsignedFixture.psbtInputs.forEach((input, index) => {
-                        verifyInputSignatures(unsignedBitgoPsbt, rootWalletKeys, index, getExpectedSignatures(input.type, "unsigned"));
-                    });
-                });
-            });
-            describe("half-signed PSBT", function () {
-                it("should return true for signed xpubs and false for unsigned", function () {
-                    halfsignedFixture.psbtInputs.forEach((input, index) => {
-                        verifyInputSignatures(halfsignedBitgoPsbt, rootWalletKeys, index, getExpectedSignatures(input.type, "halfsigned"));
-                    });
-                });
-            });
-            describe("fully signed PSBT", function () {
-                it("should have 2 signatures (2-of-3 multisig)", function () {
-                    // In fullsigned fixtures, verify 2 signatures exist per multisig input
-                    fullsignedFixture.psbtInputs.forEach((input, index) => {
-                        verifyInputSignatures(fullsignedBitgoPsbt, rootWalletKeys, index, getExpectedSignatures(input.type, "fullsigned"));
-                    });
-                });
-            });
-            describe("error handling", function () {
-                it("should throw error for out of bounds input index", function () {
-                    const xpubs = rootWalletKeys.triple;
-                    assert.throws(() => {
-                        fullsignedBitgoPsbt.verifySignature(999, xpubs[0].toBase58());
-                    }, (error) => {
-                        return error.message.includes("Input index 999 out of bounds");
-                    }, "Should throw error for out of bounds input index");
-                });
-                it("should throw error for invalid xpub", function () {
-                    assert.throws(() => {
-                        fullsignedBitgoPsbt.verifySignature(0, "invalid-xpub");
-                    }, (error) => {
-                        return error.message.includes("Invalid xpub");
-                    }, "Should throw error for invalid xpub");
-                });
-                it("should return false for xpub not in derivation path", function () {
-                    // Create a different xpub that's not in the wallet
-                    // Use a proper 32-byte seed (256 bits)
-                    const differentSeed = Buffer.alloc(32, 0xaa); // 32 bytes filled with 0xaa
-                    const differentKey = utxolib.bip32.fromSeed(differentSeed, network);
-                    const differentXpub = differentKey.neutered();
-                    const result = fullsignedBitgoPsbt.verifySignature(0, differentXpub.toBase58());
-                    assert.strictEqual(result, false, "Should return false for xpub not in PSBT derivation paths");
-                });
-            });
-        });
-    });
-});