@exodus/bitcoin-api 2.14.1 → 2.15.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@exodus/bitcoin-api",
-  "version": "2.14.1",
+  "version": "2.15.1",
   "description": "Exodus bitcoin-api",
   "main": "src/index.js",
   "files": [
@@ -27,6 +27,7 @@
     "@exodus/bitcoinjs-lib": "^6.1.5-exodus.1",
     "@exodus/currency": "^2.3.2",
     "@exodus/fetch": "^1.3.0",
+    "@exodus/key-identifier": "^1.1.1",
     "@exodus/models": "^11.0.0",
     "@exodus/simple-retry": "0.0.6",
     "@exodus/timer": "^1.0.0",
@@ -57,5 +58,5 @@
     "jest-when": "^3.5.1",
     "safe-buffer": "^5.2.1"
   },
-  "gitHead": "2af27ab114d53d02eb1c324150a847e894cdcc20"
+  "gitHead": "19c4a56008f41bfc7001a6b7b8d2e4849b345d93"
 }

package/src/tx-sign/create-get-key-and-purpose.js

@@ -1,22 +1,32 @@
 import lodash from 'lodash'
+import BipPath from 'bip32-path'
 import assert from 'minimalistic-assert'
 import { getOwnProperty } from '@exodus/basic-utils'
+import KeyIdentifier from '@exodus/key-identifier'
+
 import { getECPair } from '../bitcoinjs-lib'
 
 import secp256k1 from 'secp256k1'
 
 const ECPair = getECPair()
 
-export const createGetKeyAndPurpose = ({
+export const createGetKeyWithMetadata = ({
+  signer,
   hdkeys,
   resolvePurpose,
   addressPathsMap,
   privateKeysAddressMap,
   coinInfo,
+  getKeyIdentifier,
 }) =>
   lodash.memoize((address) => {
     const purpose = resolvePurpose(address)
     const networkInfo = coinInfo.toBitcoinJS()
+
+    if (signer) {
+      return getPublicKeyFromSigner(signer, addressPathsMap, purpose, address, getKeyIdentifier)
+    }
+
     if (privateKeysAddressMap) {
       return getPrivateKeyFromMap(privateKeysAddressMap, networkInfo, purpose, address)
     }
@@ -43,3 +53,12 @@ function getPrivateKeyFromHDKeys(hdkeys, addressPathsMap, networkInfo, purpose,
   const publicKey = derivedhdkey.publicKey
   return { key, publicKey, purpose }
 }
+
+async function getPublicKeyFromSigner(signer, addressPathsMap, purpose, address, getKeyIdentifier) {
+  assert(purpose, `purpose for address ${address} could not be resolved`)
+  const addressPath = getOwnProperty(addressPathsMap, address, 'string')
+  const [chainIndex, addressIndex] = BipPath.fromString(addressPath).toPathArray()
+  const keyId = new KeyIdentifier(getKeyIdentifier({ purpose, chainIndex, addressIndex }))
+  const publicKey = await signer.getPublicKey({ keyId })
+  return { purpose, keyId, publicKey }
+}

package/src/tx-sign/create-sign-with-wallet.js

@@ -1,32 +1,40 @@
 import { Transaction, payments } from '@exodus/bitcoinjs-lib'
 
 import { toXOnly } from '../bitcoinjs-lib/ecc-utils'
-import { createGetKeyAndPurpose } from './create-get-key-and-purpose'
-import { toAsyncSigner } from './taproot'
+import { createGetKeyWithMetadata } from './create-get-key-and-purpose'
+import { toAsyncSigner, toAsyncBufferSigner, isTaprootPurpose } from './taproot'
 
 export function createSignWithWallet({
+  signer,
   hdkeys,
   resolvePurpose,
   privateKeysAddressMap,
   addressPathsMap,
   coinInfo,
   network,
+  getKeyIdentifier,
 }) {
-  const getKeyAndPurpose = createGetKeyAndPurpose({
+  const getKeyWithMetadata = createGetKeyWithMetadata({
+    signer,
     hdkeys,
     resolvePurpose,
     privateKeysAddressMap,
     addressPathsMap,
     coinInfo,
+    getKeyIdentifier,
   })
 
   return async (psbt, inputsToSign) => {
     // The Taproot SIGHASH flag includes all previous outputs,
     // so signing is only done AFTER all inputs have been updated
+    const signingPromises = []
+
     for (let index = 0; index < psbt.inputCount; index++) {
       const inputInfo = inputsToSign[index]
       // dApps request to sign only specific transaction inputs.
       if (!inputInfo) continue
+
+      const input = psbt.data.inputs[index]
       const { address, sigHash } = inputInfo
       // The sighash value from the PSBT input itself will be used.
       // This list just represents possible sighash values the inputs can have.
@@ -34,12 +42,11 @@ export function createSignWithWallet({
         sigHash === undefined
           ? undefined // `SIGHASH_DEFAULT` is a default safe sig hash, always allow it.
           : [sigHash, Transaction.SIGHASH_ALL]
-      const { key, purpose, publicKey } = getKeyAndPurpose(address)
+      const { key, purpose, keyId, publicKey } = await getKeyWithMetadata(address)
 
       const isP2SH = purpose === 49
-      const hasTapLeafScript =
-        psbt.data.inputs[index].tapLeafScript && psbt.data.inputs[index].tapLeafScript.length > 0
-      const isTaprootKeySpend = purpose === 86 && !hasTapLeafScript
+      const hasTapLeafScript = input.tapLeafScript && input.tapLeafScript.length > 0
+      const isTaprootKeySpend = isTaprootPurpose(purpose) && !hasTapLeafScript
 
       if (isP2SH) {
         // If spending from a P2SH address, we assume the address is P2SH wrapping
@@ -50,7 +57,7 @@ export function createSignWithWallet({
         const p2sh = payments.p2sh({ redeem: p2wpkh })
         if (address === p2sh.address) {
           // Set the redeem script in the psbt in case it's missing.
-          if (!Buffer.isBuffer(psbt.data.inputs[index].redeemScript)) {
+          if (!Buffer.isBuffer(input.redeemScript)) {
             psbt.updateInput(index, {
               redeemScript: p2sh.redeem.output,
             })
@@ -58,20 +65,20 @@ export function createSignWithWallet({
         } else {
           throw new Error('Expected P2SH script to be a nested segwit input')
         }
-      } else if (isTaprootKeySpend && !Buffer.isBuffer(psbt.data.inputs[index].tapInternalKey)) {
+      } else if (isTaprootKeySpend && !Buffer.isBuffer(input.tapInternalKey)) {
         // tapInternalKey is metadata for signing and not part of the hash to sign.
         // so modifying it here is fine.
-        psbt.updateInput(index, {
-          tapInternalKey: toXOnly(publicKey),
-        })
+        psbt.updateInput(index, { tapInternalKey: toXOnly(publicKey) })
       }
 
+      const asyncSigner = signer
+        ? await toAsyncBufferSigner({ signer, isTaprootKeySpend, purpose, keyId })
+        : toAsyncSigner({ keyPair: key, isTaprootKeySpend, network })
+
       // desktop / BE / mobile with bip-schnorr signing
-      await psbt.signInputAsync(
-        index,
-        toAsyncSigner({ keyPair: key, isTaprootKeySpend, network }),
-        allowedSigHashTypes
-      )
+      signingPromises.push(psbt.signInputAsync(index, asyncSigner, allowedSigHashTypes))
     }
+
+    await Promise.all(signingPromises)
   }
 }

package/src/tx-sign/default-create-tx.js

@@ -4,7 +4,13 @@ import { createPrepareForSigning } from './default-prepare-for-signing'
 import { createSignWithWallet } from './create-sign-with-wallet'
 import { extractTransaction } from './common'
 
-export const signTxFactory = ({ assetName, resolvePurpose, coinInfo, network }) => {
+export const signTxFactory = ({
+  assetName,
+  resolvePurpose,
+  coinInfo,
+  network,
+  getKeyIdentifier,
+}) => {
   assert(assetName, 'assetName is required')
   assert(resolvePurpose, 'resolvePurpose is required')
   assert(coinInfo, 'coinInfo is required')
@@ -15,22 +21,33 @@ export const signTxFactory = ({ assetName, resolvePurpose, coinInfo, network })
     coinInfo,
   })
 
-  return async ({ unsignedTx, hdkeys, privateKeysAddressMap }) => {
+  return async ({ unsignedTx, hdkeys, privateKeysAddressMap, signer }) => {
     assert(unsignedTx, 'unsignedTx is required')
-    assert(hdkeys || privateKeysAddressMap, 'hdkeys or privateKeysAddressMap is required')
+    assert(
+      hdkeys || privateKeysAddressMap || signer,
+      'hdkeys or privateKeysAddressMap or signer is required'
+    )
 
-    const { addressPathsMap } = unsignedTx.txMeta
+    const { addressPathsMap, accountIndex } = unsignedTx.txMeta
 
     const psbt = prepareForSigning({ unsignedTx })
 
     const inputsToSign = unsignedTx.txMeta.inputsToSign || unsignedTx.txData.inputs
     const signWithWallet = createSignWithWallet({
+      signer,
       hdkeys,
       resolvePurpose,
       privateKeysAddressMap,
       addressPathsMap,
       coinInfo,
       network,
+      getKeyIdentifier: (args) => {
+        assert(
+          !('accountIndex' in args) || args.accountIndex === accountIndex,
+          '`accountIndex` mismatch'
+        )
+        return getKeyIdentifier({ ...args, accountIndex })
+      },
     })
 
     await signWithWallet(psbt, inputsToSign)

package/src/tx-sign/taproot.js

@@ -1,7 +1,7 @@
 import { crypto } from '@exodus/bitcoinjs-lib'
 import assert from 'minimalistic-assert'
+
 import { getSchnorrEntropy } from './default-entropy'
-import { toXOnly } from '../bitcoinjs-lib/ecc-utils'
 import { eccFactory } from '../bitcoinjs-lib/ecc'
 import { getECPair } from '../bitcoinjs-lib'
 
@@ -20,10 +20,7 @@ function tweakSigner({ signer, tweakHash, network }) {
     privateKey = ecc.privateNegate(privateKey)
   }
 
-  const tweakedPrivateKey = ecc.privateAdd(
-    privateKey,
-    tapTweakHash(toXOnly(signer.publicKey), tweakHash)
-  )
+  const tweakedPrivateKey = ecc.privateAdd(privateKey, tapTweakHash(signer.publicKey, tweakHash))
   if (!tweakedPrivateKey) {
     throw new Error('Invalid tweaked private key!')
   }
@@ -33,8 +30,20 @@ function tweakSigner({ signer, tweakHash, network }) {
   })
 }
 
-function tapTweakHash(pubKey, h) {
-  return crypto.taggedHash('TapTweak', Buffer.concat(h ? [pubKey, h] : [pubKey]))
+export const tweakPublicKey = ({ publicKey, tweak }) => {
+  const xOnlyPub = ecc.xOnlyPointFromPoint(publicKey)
+  const { parity, xOnlyPubkey } = ecc.xOnlyPointAddTweak(xOnlyPub, tweak)
+
+  return Buffer.from([parity ? 0x03 : 0x02, ...xOnlyPubkey])
+}
+
+export const tapTweakHash = (publicKey, h) => {
+  const xOnlyPoint = ecc.xOnlyPointFromPoint(publicKey)
+  return crypto.taggedHash('TapTweak', Buffer.concat(h ? [xOnlyPoint, h] : [xOnlyPoint]))
+}
+
+export function isTaprootPurpose(purpose) {
+  return purpose === 86
 }
 
 /**
@@ -44,7 +53,7 @@ export function toAsyncSigner({ keyPair, isTaprootKeySpend, network }) {
   assert(keyPair, 'keyPair is required')
 
   if (isTaprootKeySpend) {
-    keyPair = tweakSigner({ signer: keyPair, ECPair, network })
+    keyPair = tweakSigner({ signer: keyPair, network })
   }
 
   // eslint-disable-next-line @exodus/mutable/no-param-reassign-prop-only
@@ -61,3 +70,42 @@ export function toAsyncSigner({ keyPair, isTaprootKeySpend, network }) {
 
   return keyPair
 }
+
+// signer: {
+//   sign: ({ data, ecOptions, enc, purpose, keyId, signatureType, tweak, extraEntropy }: KeychainSignerParams): Promise<any>
+//   getPublicKey: ({ keyId }) => Promise<Buffer>
+// }
+//
+export async function toAsyncBufferSigner({ signer, purpose, keyId, isTaprootKeySpend }) {
+  let tweak
+  let publicKey = await signer.getPublicKey({ keyId })
+  if (isTaprootKeySpend) {
+    tweak = tapTweakHash(publicKey)
+    publicKey = tweakPublicKey({ publicKey, tweak })
+  }
+
+  return {
+    sign: async (data) => {
+      const ecOptions = { canonical: true }
+      const sig = await signer.sign({ data, keyId, ecOptions, enc: 'raw', signatureType: 'ecdsa' })
+      const signature = new Uint8Array(64)
+      signature.set(sig.r.toArrayLike(Uint8Array, 'be', 32), 0)
+      signature.set(sig.s.toArrayLike(Uint8Array, 'be', 32), 32)
+      return Buffer.from(signature)
+    },
+    signSchnorr: async (data) => {
+      assert(
+        isTaprootPurpose(purpose),
+        `signSchnorr: invalid purpose for schnorr signing: ${purpose}`
+      )
+      return signer.sign({
+        data,
+        keyId,
+        signatureType: 'schnorr',
+        tweak,
+        extraEntropy: getSchnorrEntropy(),
+      })
+    },
+    publicKey,
+  }
+}