Merge pull request #6064 from BitGo/WP-4242/audit-key-method

feat(root): add key validation function

Author: mohammadalfaiyazbitgo

modules/abstract-cosmos/package.json

@@ -39,6 +39,7 @@
   },
   "dependencies": {
     "@bitgo/sdk-core": "^35.0.0",
+    "@bitgo/sdk-lib-mpc": "^10.3.0",
     "@bitgo/secp256k1": "^1.3.3",
     "@bitgo/statics": "^54.0.0",
     "@cosmjs/amino": "^0.29.5",

modules/abstract-cosmos/src/cosmosCoin.ts

@@ -1,4 +1,5 @@
 import {
+  AuditDecryptedKeyParams,
   BaseCoin,
   BaseTransaction,
   BitGoBase,
@@ -43,6 +44,7 @@ import {
 } from './lib';
 import { ROOT_PATH } from './lib/constants';
 import utils from './lib/utils';
+import { auditEcdsaPrivateKey } from '@bitgo/sdk-lib-mpc';
 
 /**
  * Cosmos accounts support memo Id based addresses
@@ -665,4 +667,13 @@ export class CosmosCoin<CustomMessage = never> extends BaseCoin {
   getKeyPair(publicKey: string): CosmosKeyPair {
     throw new Error('Method not implemented');
   }
+
+  /** @inheritDoc **/
+  auditDecryptedKey({ multiSigType, publicKey, prv }: AuditDecryptedKeyParams) {
+    if (multiSigType !== 'tss') {
+      throw new Error('Unsupported multiSigType');
+    } else {
+      auditEcdsaPrivateKey(prv as string, publicKey as string);
+    }
+  }
 }

modules/abstract-eth/src/abstractEthLikeCoin.ts

@@ -6,10 +6,14 @@ import { CoinFamily, BaseCoin as StaticsBaseCoin } from '@bitgo/statics';
 import { bip32 } from '@bitgo/secp256k1';
 import { randomBytes } from 'crypto';
 import {
+  AuditDecryptedKeyParams,
   BaseCoin,
+  bitcoin,
   BitGoBase,
   FullySignedTransaction,
   HalfSignedAccountTransaction,
+  isValidPrv,
+  isValidXprv,
   KeyPair,
   MethodNotImplementedError,
   ParsedTransaction,
@@ -25,6 +29,7 @@ import BigNumber from 'bignumber.js';
 
 import { isValidEthAddress, KeyPair as EthKeyPair, TransactionBuilder } from './lib';
 import { VerifyEthAddressOptions } from './abstractEthLikeNewCoins';
+import { auditEcdsaPrivateKey } from '@bitgo/sdk-lib-mpc';
 
 export interface EthSignTransactionOptions extends SignTransactionOptions {
   txPrebuild: TransactionPrebuild;
@@ -226,4 +231,21 @@ export abstract class AbstractEthLikeCoin extends BaseCoin {
    * @return a new transaction builder
    */
   protected abstract getTransactionBuilder(common?: EthLikeCommon.default): TransactionBuilder;
+
+  /** @inheritDoc */
+  auditDecryptedKey({ multiSigType, publicKey, prv }: AuditDecryptedKeyParams): void {
+    if (multiSigType === 'tss') {
+      auditEcdsaPrivateKey(prv as string, publicKey as string);
+    } else {
+      if (!isValidPrv(prv) && !isValidXprv(prv)) {
+        throw new Error('Invalid private key');
+      }
+      if (publicKey) {
+        const genPubKey = bitcoin.HDNode.fromBase58(prv).neutered().toBase58();
+        if (genPubKey !== publicKey) {
+          throw new Error('Incorrect xpub');
+        }
+      }
+    }
+  }
 }

modules/abstract-lightning/src/abstractLightningCoin.ts

@@ -1,4 +1,5 @@
 import {
+  AuditDecryptedKeyParams,
   BaseCoin,
   BitGoBase,
   KeyPair,
@@ -61,4 +62,9 @@ export abstract class AbstractLightningCoin extends BaseCoin {
   signTransaction(params: SignTransactionOptions): Promise<SignedTransaction> {
     throw new Error('Method not implemented.');
   }
+
+  /** @inheritDoc */
+  auditDecryptedKey(params: AuditDecryptedKeyParams) {
+    throw new Error('Method not implemented.');
+  }
 }

modules/abstract-substrate/src/abstractSubstrateCoin.ts

@@ -1,4 +1,5 @@
 import {
+  AuditDecryptedKeyParams,
   BaseCoin,
   BitGoBase,
   EDDSAMethods,
@@ -27,7 +28,7 @@ import { KeyPair as SubstrateKeyPair, Transaction } from './lib';
 import { DEFAULT_SUBSTRATE_PREFIX } from './lib/constants';
 import { SignTransactionOptions, VerifiedTransactionParameters, Material } from './lib/iface';
 import utils from './lib/utils';
-import { getDerivationPath } from '@bitgo/sdk-lib-mpc';
+import { auditEddsaPrivateKey, getDerivationPath } from '@bitgo/sdk-lib-mpc';
 import BigNumber from 'bignumber.js';
 import { ApiPromise } from '@polkadot/api';
 
@@ -519,4 +520,12 @@ export class SubstrateCoin extends BaseCoin {
     }
     return { transactions: broadcastableTransactions, lastScanIndex };
   }
+
+  /** inherited doc */
+  auditDecryptedKey({ publicKey, prv, multiSigType }: AuditDecryptedKeyParams) {
+    if (multiSigType !== 'tss') {
+      throw new Error('Unsupported multiSigType');
+    }
+    auditEddsaPrivateKey(prv, publicKey ?? '');
+  }
 }

modules/abstract-utxo/src/abstractUtxoCoin.ts

@@ -44,6 +44,9 @@ import {
   VerifyAddressOptions as BaseVerifyAddressOptions,
   VerifyTransactionOptions as BaseVerifyTransactionOptions,
   Wallet,
+  isValidPrv,
+  isValidXprv,
+  bitcoin,
 } from '@bitgo/sdk-core';
 
 import {
@@ -1136,4 +1139,20 @@ export abstract class AbstractUtxoCoin extends BaseCoin {
   getRecoveryProvider(apiToken?: string): RecoveryProvider {
     return forCoin(this.getChain(), apiToken);
   }
+
+  /** @inheritDoc */
+  auditDecryptedKey({ multiSigType, publicKey, prv }) {
+    if (multiSigType === 'tss') {
+      throw new Error('tss auditing is not supported for this coin');
+    }
+    if (!isValidPrv(prv) && !isValidXprv(prv)) {
+      throw new Error('invalid private key');
+    }
+    if (publicKey) {
+      const genPubKey = bitcoin.HDNode.fromBase58(prv).neutered().toBase58();
+      if (genPubKey !== publicKey) {
+        throw new Error('public key does not match private key');
+      }
+    }
+  }
 }

modules/sdk-coin-ada/src/ada.ts

@@ -31,13 +31,14 @@ import {
   PrebuildTransactionWithIntentOptions,
   MultisigType,
   multisigTypes,
+  AuditDecryptedKeyParams,
 } from '@bitgo/sdk-core';
 import { KeyPair as AdaKeyPair, Transaction, TransactionBuilderFactory, Utils } from './lib';
 import { BaseCoin as StaticsBaseCoin, CoinFamily, coins } from '@bitgo/statics';
 import adaUtils from './lib/utils';
 import * as request from 'superagent';
 import BigNumber from 'bignumber.js';
-import { getDerivationPath } from '@bitgo/sdk-lib-mpc';
+import { auditEddsaPrivateKey, getDerivationPath } from '@bitgo/sdk-lib-mpc';
 
 export const DEFAULT_SCAN_FACTOR = 20; // default number of receive addresses to scan for funds
 
@@ -628,4 +629,13 @@ export class Ada extends BaseCoin {
     intent.unspents = params.unspents;
     intent.senderAddress = params.senderAddress;
   }
+
+  /** inherited doc */
+  auditDecryptedKey({ publicKey, prv, multiSigType }: AuditDecryptedKeyParams) {
+    if (multiSigType !== 'tss') {
+      throw new Error('Unsupported multiSigType');
+    }
+
+    auditEddsaPrivateKey(prv, publicKey ?? '');
+  }
 }

modules/sdk-coin-algo/src/algo.ts

@@ -29,6 +29,7 @@ import {
   NotSupported,
   MultisigType,
   multisigTypes,
+  AuditDecryptedKeyParams,
 } from '@bitgo/sdk-core';
 import stellar from 'stellar-sdk';
 import BigNumber from 'bignumber.js';
@@ -846,4 +847,23 @@ export class Algo extends BaseCoin {
   private getBuilder(): AlgoLib.TransactionBuilderFactory {
     return new AlgoLib.TransactionBuilderFactory(coins.get(this.getBaseChain()));
   }
+
+  /** @inheritDoc */
+  auditDecryptedKey({ publicKey, prv, multiSigType }: AuditDecryptedKeyParams) {
+    if (multiSigType === 'tss') {
+      throw new Error('Unsupported multiSigType');
+    }
+
+    let algoKey;
+    try {
+      algoKey = new AlgoLib.KeyPair({ prv });
+    } catch (e) {
+      throw new Error('Invalid private key');
+    }
+    if (publicKey && publicKey !== algoKey.getKeys().pub) {
+      throw new Error('Invalid public key');
+    }
+
+    return;
+  }
 }

modules/sdk-coin-algo/test/unit/algo.ts

@@ -1,6 +1,6 @@
 import { AlgoLib, Talgo } from '../../src';
 import { TestBitGo, TestBitGoAPI } from '@bitgo/sdk-test';
-import { BitGoAPI } from '@bitgo/sdk-api';
+import { BitGoAPI, encrypt } from '@bitgo/sdk-api';
 import * as AlgoResources from '../fixtures/algo';
 import { randomBytes } from 'crypto';
 import { coins } from '@bitgo/statics';
@@ -10,6 +10,7 @@ import { Algo } from '../../src/algo';
 import BigNumber from 'bignumber.js';
 import { TransactionBuilderFactory } from '../../src/lib';
 import { KeyPair } from '@bitgo/sdk-core';
+import { algoBackupKey } from './fixtures/algoBackupKey';
 
 describe('ALGO:', function () {
   let bitgo: TestBitGoAPI;
@@ -1128,4 +1129,55 @@ describe('ALGO:', function () {
       });
     });
   });
+
+  describe('AuditKey', () => {
+    const { key } = algoBackupKey;
+    const walletPassphrase = 'ZQ8MhxT84m4P';
+
+    it('should return for valid inputs', () => {
+      basecoin.assertIsValidKey({
+        encryptedPrv: key,
+        walletPassphrase,
+      });
+    });
+
+    it('should throw error if the walletPassphrase is incorrect', () => {
+      assert.throws(
+        () => {
+          basecoin.assertIsValidKey({
+            encryptedPrv: key,
+            walletPassphrase: 'foo',
+          });
+        },
+        { message: "failed to decrypt prv: ccm: tag doesn't match" }
+      );
+    });
+
+    it('should throw error if the key is altered', () => {
+      const alteredKey = key.replace(/[0-9]/g, '0');
+      assert.throws(
+        () => {
+          basecoin.assertIsValidKey({
+            encryptedPrv: alteredKey,
+            walletPassphrase,
+          });
+        },
+        { message: 'failed to decrypt prv: json decrypt: invalid parameters' }
+      );
+    });
+
+    it('should throw error if the key is not a valid key', () => {
+      const invalidKey = '#@)$#($*@)#($*';
+      const encryptedPrv = encrypt(walletPassphrase, invalidKey);
+      assert.throws(
+        () => {
+          basecoin.assertIsValidKey({
+            encryptedPrv,
+            walletPassphrase,
+          });
+        },
+        { message: 'Invalid private key' }
+      );
+    });
+  });
 });

modules/sdk-coin-algo/test/unit/fixtures/algoBackupKey.ts

@@ -0,0 +1,7 @@
+export const algoBackupKey = {
+  key:
+    '{"iv":"ZdWrTtponn9Q4wK9VOkJdw==","v":1,"iter":10000,"ks":256,"ts":64,"mode"' +
+    ':"ccm","adata":"","cipher":"aes","salt":"dQ6rGI+qnmk=","ct":"Y4oLG6d+w3Apo+' +
+    'nQdH2YfNcXZrA9RCrMw5M8r7GHgxsUoZ62ZHzhjk7CpOLi4YCFIwSf40pqShGrELQkA+VkGnFD"' +
+    '}',
+};