feat(utxo-lib): extract address from paygo attestation proof

Made a function that extracts the address buffer from an
attestation format. We created a testutil function that generates
this attestation format so that we can test within utxo-lib.

This messages will later be signed by a key and we need to verify
that signature as well as make sure that the address encoded in
the attestation proof matches the address of the output that we
attach this onto.

TICKET: BTC-2150

Author: christopher-fong

modules/utxo-lib/src/bitgo/ExtractAddressPayGoAttestation.ts

@@ -0,0 +1,44 @@
+import * as assert from 'assert';
+import { varuint } from 'bitcoinjs-lib/src/bufferutils';
+
+// The signed address will always have the following structure:
+// 0x18Bitcoin Signed Message:\n<varint_length><ENTROPY><ADDRESS><UUID>
+
+const PrefixLength = Buffer.from([0x18]).length + Buffer.from('Bitcoin Signed Message:\n').length;
+// UUID has the structure 00000000-0000-0000-0000-000000000000, and after
+// we Buffer.from and get it's length its 36.
+const UuidBufferLength = 36;
+// The entropy will always be 64 bytes
+const EntropyLen = 64;
+
+/**
+ * This function takes in the attestation proof of a PayGo address of the from
+ * 0x18Bitcoin Signed Message:\n<varint_length><ENTROPY><ADDRESS><UUID> and returns
+ * the address given its length. It is assumed that the ENTROPY is 64 bytes in the Buffer
+ * so if not given an address proof length we can still extract the address from the proof.
+ *
+ * @param message
+ * @param adressProofLength
+ */
+export default function extractAddressBufferFromPayGoAttestationProof(message: Buffer): Buffer {
+  if (message.length <= PrefixLength + EntropyLen + UuidBufferLength) {
+    throw new Error('PayGo attestation proof is too short to contain a valid address');
+  }
+
+  // This generates the first part before the varint length so that we can
+  // determine how many bytes this is and iterate through the Buffer.
+  let offset = PrefixLength;
+
+  // we decode the varint of the message which is uint32
+  // https://en.bitcoin.it/wiki/Protocol_documentation
+  const varInt = varuint.decode(message, offset);
+  assert(varInt);
+  offset += 1;
+
+  const addressLength = varInt - EntropyLen - UuidBufferLength;
+  offset += EntropyLen;
+
+  // we return what the Buffer subarray from the offset (beginning of address)
+  // to the end of the address index in the buffer.
+  return message.subarray(offset, offset + addressLength);
+}

modules/utxo-lib/src/testutil/psbt.ts

@@ -1,4 +1,6 @@
 import * as assert from 'assert';
+import { varuint } from 'bitcoinjs-lib/src/bufferutils';
+import * as crypto from 'crypto';
 
 import {
   createOutputScriptP2shP2pk,
@@ -77,7 +79,10 @@ export function toUnspent(
   rootWalletKeys: RootWalletKeys
 ): Unspent<bigint> {
   if (input.scriptType === 'p2shP2pk') {
-    return mockReplayProtectionUnspent(network, input.value, { key: rootWalletKeys['user'], vout: index });
+    return mockReplayProtectionUnspent(network, input.value, {
+      key: rootWalletKeys['user'],
+      vout: index,
+    });
   } else {
     const chain = getInternalChainCode(input.scriptType === 'taprootKeyPathSpend' ? 'p2trMusig2' : input.scriptType);
     return mockWalletUnspent(network, input.value, {
@@ -95,7 +100,10 @@ export function toUnspent(
  * user and backup as signer and cosigner respectively for p2trMusig2.
  * user and bitgo as signer and cosigner respectively for other input script types.
  */
-export function getSigners(inputType: InputScriptType): { signerName: KeyName; cosignerName?: KeyName } {
+export function getSigners(inputType: InputScriptType): {
+  signerName: KeyName;
+  cosignerName?: KeyName;
+} {
   return {
     signerName: 'user',
     cosignerName: inputType === 'p2shP2pk' ? undefined : inputType === 'p2trMusig2' ? 'backup' : 'bitgo',
@@ -138,7 +146,10 @@ export function signPsbtInput(
   if (sign === 'fullsigned' && cosignerName && input.scriptType !== 'p2shP2pk') {
     signPsbt(
       psbt,
-      () => psbt.signInputHD(inputIndex, rootWalletKeys[cosignerName], { deterministic }),
+      () =>
+        psbt.signInputHD(inputIndex, rootWalletKeys[cosignerName], {
+          deterministic,
+        }),
       skipNonWitnessUtxo
     );
   }
@@ -161,7 +172,11 @@ export function signAllPsbtInputs(
 ): void {
   const { signers, deterministic, skipNonWitnessUtxo } = params ?? {};
   inputs.forEach((input, inputIndex) => {
-    signPsbtInput(psbt, input, inputIndex, rootWalletKeys, sign, { signers, deterministic, skipNonWitnessUtxo });
+    signPsbtInput(psbt, input, inputIndex, rootWalletKeys, sign, {
+      signers,
+      deterministic,
+      skipNonWitnessUtxo,
+    });
   });
 }
 
@@ -195,7 +210,9 @@ export function constructPsbt(
     } else {
       const { redeemScript } = createOutputScriptP2shP2pk(rootWalletKeys[signerName].publicKey);
       assert(redeemScript);
-      addReplayProtectionUnspentToPsbt(psbt, u, redeemScript, { skipNonWitnessUtxo });
+      addReplayProtectionUnspentToPsbt(psbt, u, redeemScript, {
+        skipNonWitnessUtxo,
+      });
     }
   });
 
@@ -224,10 +241,17 @@ export function constructPsbt(
   psbt.setAllInputsMusig2NonceHD(rootWalletKeys['user']);
   psbt.setAllInputsMusig2NonceHD(rootWalletKeys['bitgo'], { deterministic });
 
-  signAllPsbtInputs(psbt, inputs, rootWalletKeys, 'halfsigned', { signers, skipNonWitnessUtxo });
+  signAllPsbtInputs(psbt, inputs, rootWalletKeys, 'halfsigned', {
+    signers,
+    skipNonWitnessUtxo,
+  });
 
   if (sign === 'fullsigned') {
-    signAllPsbtInputs(psbt, inputs, rootWalletKeys, sign, { signers, deterministic, skipNonWitnessUtxo });
+    signAllPsbtInputs(psbt, inputs, rootWalletKeys, sign, {
+      signers,
+      deterministic,
+      skipNonWitnessUtxo,
+    });
   }
 
   return psbt;
@@ -261,3 +285,44 @@ export function verifyFullySignedSignatures(
     }
   });
 }
+
+/** We have a mirrored function similar to our hsm that generates our Bitcoin signed
+ * message so that we can use for testing. This creates a random entropy as well using
+ * the nilUUID structure to construct our uuid buffer and given our address we can
+ * directly encode it into our message.
+ *
+ * @param attestationPrvKey
+ * @param uuid
+ * @param address
+ * @returns
+ */
+export function generatePayGoAttestationProof(uuid: string, address: Buffer): Buffer {
+  // <0x18Bitcoin Signed Message:\n
+  const prefixByte = Buffer.from([0x18]);
+  const prefixMessage = Buffer.from('Bitcoin Signed Message:\n');
+  const prefixBuffer = Buffer.concat([prefixByte, prefixMessage]);
+
+  // <ENTROPY>
+  const entropyLength = 64;
+  const entropy = crypto.randomBytes(entropyLength);
+
+  // <UUID>
+  const uuidBuffer = Buffer.from(uuid);
+  const uuidBufferLength = uuidBuffer.length;
+
+  // <ADDRESS>
+  const addressBufferLength = address.length;
+
+  // <VARINT_LENGTH>
+  const msgLength = entropyLength + addressBufferLength + uuidBufferLength;
+  const msgLengthBuffer = varuint.encode(msgLength);
+
+  // <0x18Bitcoin Signed Message:\n<LENGTH><ENTROPY><ADDRESS><UUID>
+  const proofMessage = Buffer.concat([prefixBuffer, msgLengthBuffer, entropy, address, uuidBuffer]);
+
+  // we sign this with the priv key
+  // don't know what sign function to call. Since this is just a mirrored function don't know if we need
+  // to include this part.
+  // const signedMsg = sign(attestationPrvKey, proofMessage);
+  return proofMessage;
+}

modules/utxo-lib/test/bitgo/ExtractAddressPayGoAttestation.ts

@@ -0,0 +1,43 @@
+import * as assert from 'assert';
+
+import { generatePayGoAttestationProof } from '../../src/testutil/psbt';
+import extractAddressBufferFromPayGoAttestationProof from '../../src/bitgo/ExtractAddressPayGoAttestation';
+
+const addressFromPubKeyBase58 = 'bitgoAddressToExtract';
+const bufferAddressPubKeyB58 = Buffer.from(addressFromPubKeyBase58);
+
+describe('extractAddressBufferFromPayGoAttestationProof', () => {
+  it('should extractAddressBufferFromPayGoAttestationProof properly', () => {
+    const paygoAttestationProof = generatePayGoAttestationProof(
+      '00000000-0000-0000-0000-000000000000',
+      bufferAddressPubKeyB58
+    );
+    const addressFromProof = extractAddressBufferFromPayGoAttestationProof(paygoAttestationProof);
+    assert.deepStrictEqual(Buffer.compare(addressFromProof, bufferAddressPubKeyB58), 0);
+  });
+
+  it('should extract the paygo address paygo attestation proof given a non nilUUID', () => {
+    const paygoAttestationProof = generatePayGoAttestationProof(
+      '12345678-1234-4567-6890-231928472123',
+      bufferAddressPubKeyB58
+    );
+    const addressFromProof = extractAddressBufferFromPayGoAttestationProof(paygoAttestationProof);
+    assert(Buffer.compare(addressFromProof, bufferAddressPubKeyB58) === 0);
+  });
+
+  it('should not extract the correct address given a uuid of wrong format', () => {
+    const paygoAttestationProof = generatePayGoAttestationProof(
+      '000000000000000-000000-0000000-000000-0000000000000000',
+      bufferAddressPubKeyB58
+    );
+    const addressFromProof = extractAddressBufferFromPayGoAttestationProof(paygoAttestationProof);
+    assert(Buffer.compare(addressFromProof, bufferAddressPubKeyB58) !== 0);
+  });
+
+  it('should throw an error if the paygo attestation proof is too short', () => {
+    assert.throws(
+      () => extractAddressBufferFromPayGoAttestationProof(Buffer.from('shortproof-shrug')),
+      'PayGo attestation proof is too short to contain a valid address.'
+    );
+  });
+});